summaryrefslogtreecommitdiff
path: root/source4/selftest
Commit message (Collapse)AuthorAgeFilesLines
* dbcheck: use the str() value of the "name" attributeStefan Metzmacher2019-03-281-1/+1
| | | | | | | | | | | | We do the same with the rdn attribute value and we need the same logic on both in order to check they are the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Noel Power <npower@samba.org> (cherry picked from commit dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f)
* dbcheck: don't check expired tombstone objects by default anymoreStefan Metzmacher2019-03-281-8/+18
| | | | | | | | | | | | | | | These will be removed anyway and any change on them risks to be an originating update that causes replication problems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144 (cherry picked from commit a2c5f8cf41c2dfdc4f122e8427d1dfeabb6ba311)
* blackbox/dbcheck-links.sh: prepare regression test for skipping expired ↵Stefan Metzmacher2019-03-281-0/+9
| | | | | | | | | | tombstones BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit b096a3117ed9249fd6f65f3221a26c88efbba3b8)
* dbcheck: detect the change after deletion bugStefan Metzmacher2019-03-281-8/+7
| | | | | | | | | | | | | | | | | | | | | | | Old versions of 'samba-tool dbcheck' could reanimate deleted objects, when running at the same time as the tombstone garbage collection. When the (deleted) parent of a deleted object (with the DISALLOW_MOVE_ON_DELETE bit in systemFlags), is removed before the object itself, dbcheck moved it in the LostAndFound[Config] subtree of the partition as an originating change. That means that the object will be in tombstone state again for 180 days on the local DC. And other DCs fail to replicate the object as it's already removed completely there and the replication only gives the name and lastKnownParent attributes, because all other attributes should already be known to the other DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit a1658b306d85452407388b91a745078c9c1f7dc7)
* blackbox/dbcheck-links.sh: add regression test for lost deleted object repairStefan Metzmacher2019-03-281-0/+9
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 1ccc21a34d295be3bb2ab481a5918003eae88bf4)
* dbcheck: don't remove dangling one-way links on already deleted objectsStefan Metzmacher2019-03-281-5/+2
| | | | | | | | | | | | | | | This would typically happen when the garbage collection removed a parent object before a child object (both with the DISALLOW_MOVE_ON_DELETE bit set in systemFlags), while dbcheck is running at the same time as the garbage collection. In this case the lastKnownParent attributes points a non existing object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit e388e599495b6d7c38b8b6966332e27f8b958783)
* dbcheck: don't move already deleted objects to LostAndFoundStefan Metzmacher2019-03-281-5/+3
| | | | | | | | | | | | | This would typically happen when the garbage collection removed a parent object before a child object (both with the DISALLOW_MOVE_ON_DELETE bit set in systemFlags), while dbcheck is running at the same time as the garbage collection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 6d50ee74920c39cdb18b427bfaaf200775bf2d73)
* blackbox/dbcheck-links.sh: reproduce lost deleted object problemStefan Metzmacher2019-03-281-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When a parent object is removed during the tombstone garbage collection before a child object and samba-tool dbcheck runs at the same time, the following can happen: - If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags, samba-tool dbcheck moves the object under the LostAndFound[Config] object (as an originating update!) - The lastKnownParent attribute is removed (as an originating update!) These originating updates cause the object to have an extended time as tombstone. And these changes are replicated to other DCs, which very likely already removed the object completely! This means the destination DC of replication has no chance to handle the object it gets from the source DC with just 2 attributes (name, lastKnownParent). The destination logs something like: No objectClass found in replPropertyMetaData BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5357f591accffbf8c62335c308b985811b66f0b5)
* s4:torture/smb2/read: add test for cancelling SMB aioRalph Boehme2018-11-061-0/+1
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit e37ff8c5fe18d400e378bf2591e209b30473d9f9)
* blackbox/dbcheck-links: Test broken links with missing <SID=...> on linked ↵Stefan Metzmacher2018-11-051-0/+8
| | | | | | | | | | attributes BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit f81771c8593327e058b9cb4330d7e77083df3ea9)
* testprogs/blackbox: add samba4.blackbox.test_primary_group testStefan Metzmacher2018-11-051-0/+2
| | | | | | | | | | | This demonstrates the bug, that happens when the primaryGroupID of a user is changed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 364ed537e0bcb3a97cae0f2d1ff72de9423ce0e6)
* dbchecker: Fixing up incorrect DNs wasn't workingTim Beale2018-11-052-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dbcheck would fail to fix up attributes where the extended DN's GUID is correct, but the DN itself is incorrect. The code failed attempting to remove the old/incorrect DN, e.g. NOTE: old (due to rename or delete) DN string component for objectCategory in object CN=alice,CN=Users,DC=samba,DC=example,DC=com - <GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>; CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=bad,DC=com Change DN to <GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>; CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com? [y/N/all/none] y Failed to fix old DN string on attribute objectCategory : (16, "attribute 'objectCategory': no matching attribute value while deleting attribute on 'CN=alice,CN=Users,DC=samba,DC=example,DC=com'") The problem was the LDB message specified the value to delete with its full DN, including the GUID. The LDB code then helpfully corrected this value on the way through, so that the DN got updated to reflect the correct DN (i.e. 'DC=example,DC=com') of the object matching that GUID, rather than the incorrect DN (i.e. 'DC=bad,DC=com') that we were trying to remove. Because the requested value and the existing DB value didn't match, the operation failed. We can avoid this problem by passing down just the DN (not the extended DN) of the value we want to delete. Without the GUID portion of the DN, the LDB code will no longer try to correct it on the way through, and the dbcheck operation will succeed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13495 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 22208f52e6096fbe9413b8ff339d9446851e0874)
* s4:selftest: test kinit with the interdomain trust user accountAlexander Bokovoy2018-09-051-0/+1
| | | | | | | | | | | | | | To test it, add a blackbox test that ensures we pass a keytab-based authentication with the trust user account for a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 7df505298f71432d5adbcffccde8f97c117a57a6)
* selftest: add a durable handle test with delayed disconnectRalph Boehme2018-09-051-0/+1
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 5508024a861e7c85e6c837552ad142aa1d5e8eca)
* s4:selftest: reformat smb2_s3only listRalph Boehme2018-09-051-1/+6
| | | | | | | | | | No change besides reformatting the list to one entry per line. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 3255822f75163cb38e53f634a5c6b03d46bfaff1)
* CVE-2018-1140 dns: Add a test to trigger the LDB casefolding issue on ↵Kai Blin2018-08-111-0/+3
| | | | | | | | | invalid chars BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2018-10919 tests: Add tests for guessing confidential attributesTim Beale2018-08-111-0/+3
| | | | | | | | | | | | | | | | | | | | | Adds tests that assert that a confidential attribute cannot be guessed by an unprivileged user through wildcard DB searches. The tests basically consist of a set of DB searches/assertions that get run for: - basic searches against a confidential attribute - confidential attributes that get overridden by giving access to the user via an ACE (run against a variety of ACEs) - protecting a non-confidential attribute via an ACL that denies read- access (run against a variety of ACEs) - querying confidential attributes via the dirsync controls These tests all pass when run against a Windows Dc and all fail against a Samba DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
* s4:selftest: run test_ldb_simple.sh with more auth optionsStefan Metzmacher2018-06-041-0/+7
| | | | | | | | | | | This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE handling in our LDAP server. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782)
* tests/replica_sync_rodc: Test conflict handling on an RODCGarming Sam2018-02-271-0/+6
| | | | | | | | | | | | | | | | There are two cases we are interested in: 1) RODC receives two identical DNs which conflict 2) RODC receives a rename to a DN which already exists Currently these issues are ignored, but the UDV and HWM are being updated, leading to objects/updates being skipped. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 45d19167d52e42bd2f9369dbe37a233902cc81b0)
* dbcheck: add support for restoring missing forward linksRalph Boehme2018-02-091-2/+2
| | | | | | | | | | | | | | | | This recovers broken databases with duplicate and missing forward links. See commit a25c99c9f1fd1814c56c21848c748cd0e038eed7 for the fix that prevents to problem from happening. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 5bf823d68bd33ee3160175a18a3838eff4e3cbb2)
* dbcheck: rename err_duplicate_links() to err_recover_forward_links() and ↵Ralph Boehme2018-02-091-1/+2
| | | | | | | | | | | | | | | adjust the output message It's really a fatal error to have duplicate values as it's very likely that some forward links got lost. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit ec433f8531a822dd40b343fbf3244157a5ecd544)
* dbcheck: add link direction to error message for duplicate linksRalph Boehme2018-02-091-1/+1
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit dc43d31cd20fd12d2758b73ec0318215b8fbedfb)
* selftest/dbcheck: add a test for corrupt forward links restorationRalph Boehme2018-02-092-0/+36
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 52bd0b09804621e6de9ee0a377a442a42e07ee05)
* testprogs:blackbox: add regression test for unsorted links in ↵Stefan Metzmacher2018-01-254-1/+108
| | | | | | | | | | tombstones-expunge.sh BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit c34c2dd55545b99fba46cf374a1653bad96cea9e)
* samba-tool visualize for understanding AD DC behaviourDouglas Bagnall2018-01-131-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To work out what is happening in a replication graph, it is sometimes helpful to use visualisations. We introduce a samba-tool subcommand to write Graphviz dot output and generate text-based heatmaps of the distance in hops between DCs. There are two subcommands, two graphical modes, and (roughly) two modes of operation with respect to the location of authority. `samba-tool visualize ntdsconn` looks at NTDS Connections. `samba-tool visualize reps` looks at repsTo and repsFrom objects. In '--distance' mode (default), the distances between DCs are shown in a matrix in the terminal. With '--color=yes', this is depicted as a heatmap. With '--utf8' it is a lttle prettier. In '--dot' mode, Graphviz dot output is generated. When viewed using dot or xdot, this shows the network as a graph with DCs as vertices and connections edges. Certain types of degenerate edges are shown in different colours or line-styles. Normally samba-tool talks to one database; with the '-r' (a.k.a. '--talk-to-remote') option attempts are made to contact all the DCs known to the first database. This is necessary to get sensible results from `samba-tool visualize reps` because the repsFrom/To objects are not replicated, and it can reveal replication issues in other modes. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:selftest: replace --option=usespnego= with --option=clientusespnego=Stefan Metzmacher2018-01-101-14/+14
| | | | | | | | | | | I guess that's what we try to test here, as 'use spnego' was only evaluated on in the smb server part. The basically tests the 'raw NTLMv2 auth' option, we set it to yes on some environments, but keep a knownfail for the ad_member. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* source4/tests: typo in env nameJamie McClymont2018-01-041-1/+1
| | | | | | Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* samba-tool: --help test, ensuring help tree coverageDouglas Bagnall2017-12-221-0/+1
| | | | | | | | | | `samba-tool [COMMAND] --help` will list sub-commands of COMMAND (or top-level commands if COMMAND is omitted). This ensures that `samba-tool COMMAND SUBCOMMAND --help` works for all the commands found in the help tree. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* release-4-8-0-pre1: New database dump for checking that functional prep worksGarming Sam2017-12-2016-0/+88625
| | | | | | | | Next will be a test which compares the current run of the script against this reference provision. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb encrypted secrets moduleGary Lockyer2017-12-181-0/+2
| | | | | | | | | | | | | | | | | Encrypt the samba secret attributes on disk. This is intended to mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate memory read attacks. Currently the key file is stored in the same directory as sam.ldb but this could be changed at a later date to use an HSM or similar mechanism to protect the key. Data is encrypted with AES 128 GCM. The encryption uses gnutls where available and if it supports AES 128 GCM AEAD modes, otherwise nettle is used. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests dsdb encrypted secrets moduleGary Lockyer2017-12-181-0/+15
| | | | | | | | | | | Add tests to check that the encrypted_secrets module encrypts secrets/sensitive attributes on disk. This test also proves that the provision and join operations correctly configure the encrypted_secrets module. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:selftest: remove samba.blackbox.pdbtest.s4winbind testStefan Metzmacher2017-12-131-2/+0
| | | | | | | | | This is marked as knownfail for quite some time. I don't think such a test is a reason to the 'auth methods' option. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:selftest: remove samba.blackbox.pdbtest.s4winbind_wbclient testStefan Metzmacher2017-12-131-1/+0
| | | | | | | The "winbind_wbclient" backend is unused and will be removed soon. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool: validate password early in `domain provision`Jamie McClymont2017-12-101-0/+1
| | | | | | | | | | | | | | | | | Checks password against default quality and length standards when it is entered, allowing a second chance to enter one (if interactive), rather than running through the provisioning process and bailing on an exception Includes unit tests for the newly-added python wrapper of check_password_quality plus black-box tests for the checks in samba-tool. Breaks an openldap test which uses an invalid password. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9710 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12235 Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* source4 dsdb modules: Add new module "unique_object_sids"Gary Lockyer2017-12-101-0/+5
| | | | | | | | | New module that sets the LDB_FLAG_INTERNAL_UNIQUE_VALUE on all local objectSIDS and ensure it is cleared for any foreign security principals. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* selftest: Rework samba.dsdb locking test to samba.dsdb_lockAndrew Bartlett2017-12-081-0/+1
| | | | | | | | | | | | | | | This avoids running the test while samba is modifying and locking the same database, as this can lead to a deadlock. The deadlock is not seen in production as the LDB read lock is not held while waiting for another process, but this test needs to do this to demonstrate the locking safety. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Dec 8 21:47:55 CET 2017 on sn-devel-144
* selftest: Add more corruption cases for runtime and dbcheckAndrew Bartlett2017-11-243-10/+29
| | | | | | | | These tests now confirm we can handle these issues at runtime as well as at dbcheck Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: add dbcheck tests for duplicate linksStefan Metzmacher2017-11-242-0/+36
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dbcheck: detect and fix duplicate linksStefan Metzmacher2017-11-241-4/+5
| | | | | | | | | Check with git show -w BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Additional check for a backlink pointing at a deleted objectAndrew Bartlett2017-11-241-0/+6
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: add more dbcheck testsAndrew Bartlett2017-11-2410-20/+78
| | | | | | | | This validates some more combinations and ensures that the changes in 962a1b32201fce0a49c6be55943d4fbb57ed781e are tested. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dbcheck: Clarify error count bumping in deleted/gone DN handlingAndrew Bartlett2017-11-241-17/+17
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* gpo: Add gpo testsDavid Mulder2017-11-201-0/+4
| | | | | | | | Lays down a sysvol gpttmpl.inf with password policies, then runs the samba_gpoupdate command. Verifies policies are applied to the samdb. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests: Add a blackbox test for smbcontrolGary Lockyer2017-10-191-0/+7
| | | | | | | | | Add tests to check that samba processes have started and that they can be pinged. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Rename ntlmauth tests to ntlmdisabledTim Beale2017-09-261-2/+2
| | | | | | | | | | There are already some existing ntlm_auth tests, so the new tests I've added make things a bit confusing. Also, ntlmdisabled probably better reflects the specific case we're trying to test. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Add new AD DC testenv with NTLM disabledTim Beale2017-09-261-1/+1
| | | | | | | | | | | | | This is so that we test the source4 case as well. Currently the only testenv with NTLM disabled is ktest, and that only exercises the source3 code. I've tried to support the new test environment with minimal changes to the Samba4.pm setup code. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Add some tests for linked attribute conflictsTim Beale2017-09-181-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently we have tests that check we can resolve object conflicts, but these don't test anything related to conflicting linked attributes. This patch adds some basic tests that checks that Samba can resolve conflicting linked attributes. This highlights some problems with Samba, as the following tests currently fail: - test_conflict_single_valued_link: Samba currently can't resolve a conflicting targets for a single-valued linked attribute - the replication exits with an error. - test_link_deletion_conflict: If 2 DCs add the same linked attribute, currently when they resolve this conflict the RMD_VERSION for the linked attribute incorrectly gets incremented. This means the version numbers get out of step and subsequent changes to the linked attribute can be dropped/ignored. - test_full_sync_link_conflict: fails for the same reason as above. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Mon Sep 18 09:56:41 CEST 2017 on sn-devel-144
* python:samba: Use 'binddns dir' in samba-tool and samba_upgradednsAndreas Schneider2017-09-056-9/+13
| | | | | | | | | | This provisions the bind_dlz files in the 'binddns dir'. If you want to migrate to the new files strcuture you can run samba_upgradedns! BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* s4-drsuapi: Avoid segfault when replicating as a non-admin with ↵Andrew Bartlett2017-08-291-0/+5
| | | | | | | | | | | | | | | | GUID_DRS_GET_CHANGES Users who are not administrator do not get b_state->sam_ctx_system filled in. We should probably use the 'sam_ctx' variable in all cases (instead of b_state->sam_ctx*), but I'll make this change in a separate patch, so that the bug fix remains independent from other tidy-ups. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12946 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* getncchanges.py: Add a new test for replicationTim Beale2017-08-181-0/+10
| | | | | | | | | | | | | | | | | | | | | | This adds a new test to check that if objects are modified during a replication, then those objects don't wind up missing from the replication data. Note that when this scenario occurs, samba returns the objects in a different order to Windows. This test doesn't care what order the replicated objects get returned in, so long as they all have been received by the end of the test. As part of this, I've refactored _check_replication() in drs_base.py so it can be reused in new tests. In these cases, the objects are split up over multiple different chunks. So asserting that the objects are returned in a specific order makes it difficult to run the same test on both Samba and Windows. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
View Lorry Controller Status