1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

2188 lines
121 KiB
Python
Raw Normal View History

#!/usr/bin/python
# This script generates a list of testsuites that should be run as part of
# the Samba 4 test suite.
# The output of this script is parsed by selftest.pl, which then decides
# which of the tests to actually run. It will, for example, skip all tests
# listed in selftest/skip or only run a subset during "make quicktest".
# The idea is that this script outputs all of the tests of Samba 4, not
# just those that are known to pass, and list those that should be skipped
# or are known to fail in selftest/skip or selftest/knownfail. This makes it
# very easy to see what functionality is still missing in Samba 4 and makes
# it possible to run the testsuite against other servers, such as Samba 3 or
# Windows that have a different set of features.
# The syntax for a testsuite is "-- TEST --" on a single line, followed
# by the name of the test, the environment it needs and the command to run, all
# three separated by newlines. All other lines in the output are considered
# comments.
import os
import sys
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../selftest"))
import selftesthelpers
from selftesthelpers import bindir, srcdir, binpath, python
from selftesthelpers import configuration, plantestsuite
from selftesthelpers import planpythontestsuite, planperltestsuite
from selftesthelpers import plantestsuite_loadlist
from selftesthelpers import skiptestsuite, source4dir, valgrindify
from selftesthelpers import smbtorture4_options, smbtorture4_testsuites
from selftesthelpers import smbtorture4, samba3srcdir
print("OPTIONS %s" % " ".join(smbtorture4_options), file=sys.stderr)
def plansmbtorture4testsuite(name, env, options, modname=None, environ=None):
if environ is None:
environ = {}
return selftesthelpers.plansmbtorture4testsuite(name,
env,
options,
target='samba4',
modname=modname,
environ=environ)
samba4srcdir = source4dir()
DSDB_PYTEST_DIR = os.path.join(samba4srcdir, "dsdb/tests/python/")
subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
def planoldpythontestsuite(env, module, name=None, extra_path=None, environ=None, extra_args=None):
if extra_path is None:
extra_path = []
if environ is None:
environ = {}
if extra_args is None:
extra_args = []
environ = dict(environ)
py_path = list(extra_path)
if py_path:
environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
args = ["%s=%s" % item for item in environ.items()]
args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
args += extra_args
if name is None:
name = module
plantestsuite_loadlist(name, env, args)
samba4bindir = bindir()
validate = os.getenv("VALIDATE", "")
if validate:
validate_list = [validate]
else:
validate_list = []
nmblookup4 = binpath('nmblookup4')
smbclient4 = binpath('smbclient4')
smbclient3 = binpath('smbclient')
bbdir = os.path.join(srcdir(), "testprogs/blackbox")
# alias to highlight what tests we want to run against a DC with SMBv1 disabled
smbv1_disabled_testenv = "restoredc"
all_fl_envs = ["fl2000dc", "fl2003dc", "fl2008dc", "fl2008r2dc"]
# Simple tests for LDAP and CLDAP
for auth_type in ['', '-k no', '-k yes']:
for auth_level in ['--option=clientldapsaslwrapping=plain', '--client-protection=sign', '--client-protection=encrypt']:
creds = '-U"$USERNAME%$PASSWORD"'
options = creds + ' ' + auth_type + ' ' + auth_level
plantestsuite("samba4.ldb.ldap with options %r(ad_dc_default)" % options, "ad_dc_default", "%s/test_ldb.sh ldap $SERVER %s" % (bbdir, options))
# see if we support ADS on the Samba3 side
try:
config_h = os.environ["CONFIG_H"]
except KeyError:
config_h = os.path.join(samba4bindir, "default/include/config.h")
# check available features
config_hash = dict()
f = open(config_h, 'r')
try:
lines = f.readlines()
config_hash = dict((x[0], ' '.join(x[1:]))
for x in map(lambda line: line.strip().split(' ')[1:],
list(filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines))))
finally:
f.close()
have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
have_gnutls_fips_mode_support = ("HAVE_GNUTLS_FIPS_MODE_SUPPORTED" in config_hash)
have_cluster_support = "CLUSTER_SUPPORT" in config_hash
for options in ['-U"$USERNAME%$PASSWORD"']:
plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
"%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options))
creds_options = [
'--simple-bind-dn=$USERNAME@$REALM --password=$PASSWORD',
]
peer_options = {
'SERVER_IP': '$SERVER_IP',
'SERVER_NAME': '$SERVER',
'SERVER.REALM': '$SERVER.$REALM',
}
tls_verify_options = [
'--option="tlsverifypeer=no_check"',
'--option="tlsverifypeer=ca_only"',
'--option="tlsverifypeer=ca_and_name_if_available"',
'--option="tlsverifypeer=ca_and_name"',
'--option="tlsverifypeer=as_strict_as_possible"',
]
# we use :local for fl2008r2dc because of the self-signed certificate
for env in ["ad_dc_ntvfs", "fl2008r2dc:local"]:
for peer_key in peer_options.keys():
peer_val = peer_options[peer_key]
for creds in creds_options:
for tls_verify in tls_verify_options:
options = creds + ' ' + tls_verify
plantestsuite("samba4.ldb.simple.ldaps with options %s %s(%s)" % (
peer_key, options, env), env,
"%s/test_ldb_simple.sh ldaps %s %s" % (bbdir, peer_val, options))
# test all "ldap server require strong auth" combinations
for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
options = '--simple-bind-dn="$USERNAME@$REALM" --password="$PASSWORD"'
plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
options += ' --option="tlsverifypeer=no_check"'
plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
auth_options = [
'--option=clientldapsaslwrapping=plain',
'--client-protection=sign',
'--client-protection=encrypt',
'--use-kerberos=required --option=clientldapsaslwrapping=plain',
'--use-kerberos=required --client-protection=sign',
'--use-kerberos=required --client-protection=encrypt',
'--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
'--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
'--use-kerberos=disabled --client-protection=sign',
'--use-kerberos=disabled --client-protection=encrypt',
]
for auth_option in auth_options:
options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
envraw = "fl2008r2dc"
env = "%s:local" % envraw
plantestsuite("samba4.ldap_tls_reload(%s)" % (env), env,
"%s/test_ldap_tls_reload.sh $PREFIX_ABS $PREFIX_ABS/%s/private/tls $SERVER.$REALM" % (bbdir, envraw))
for options in ['-U"$USERNAME%$PASSWORD"']:
plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
"%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options))
for t in smbtorture4_testsuites("ldap."):
if t == "ldap.nested-search":
plansmbtorture4testsuite(t, "ad_dc_default_smb1", '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_')
elif t == "ldap.session-expiry":
# This requires kerberos and thus the server name
plansmbtorture4testsuite(
t, "ad_dc_default", '-U"$USERNAME%$PASSWORD" //$DC_SERVER/_none_')
else:
plansmbtorture4testsuite(
t,
"ad_dc_default",
'-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_ -D "$USERNAME"@"$REALM"##"$PASSWORD"')
for t in smbtorture4_testsuites("dsdb."):
plansmbtorture4testsuite(t, "ad_dc:local", "localhost")
ldbdir = os.path.join(srcdir(), "lib/ldb")
# Don't run LDB tests when using system ldb, as we won't have ldbtest installed
if os.path.exists(os.path.join(samba4bindir, "ldbtest")):
plantestsuite("ldb.base", "none", "%s/tests/test-tdb-subunit.sh %s" % (ldbdir, samba4bindir))
else:
skiptestsuite("ldb.base", "Using system LDB, ldbtest not available")
plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)",
"ad_dc_ntvfs:local",
[python, os.path.join(DSDB_PYTEST_DIR, "attr_from_server.py"),
'$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
# Tests for RPC
# add tests to this list as they start passing, so we test
# that they stay passing
ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
drs_rpc_tests = smbtorture4_testsuites("drs.rpc")
ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.drsuapi_w2k8", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests
slow_ncacn_np_tests = ["rpc.samlogon",
"rpc.samr",
"rpc.samr.users",
"rpc.samr.large-dc",
"rpc.samr.users.privileges",
"rpc.samr.passwords.default",
"rpc.samr.passwords.pwdlastset",
"rpc.samr.passwords.lockout",
"rpc.samr.passwords.badpwdcount"]
slow_ncacn_ip_tcp_tests = ["rpc.cracknames"]
all_rpc_tests = ncalrpc_tests + ncacn_np_tests + ncacn_ip_tcp_tests + slow_ncacn_np_tests + slow_ncacn_ip_tcp_tests + ["rpc.lsa.secrets", "rpc.pac", "rpc.samba3-sharesec", "rpc.countcalls"]
# Filter RPC tests that should not run against ad_dc_ntvfs
rpc_s3only = [
"rpc.mdssvc",
]
rpc_fipsonly = [
"rpc.fips.netlogon.crypto",
]
rpc_exclude = rpc_s3only + rpc_fipsonly
rpc_tests = [x for x in smbtorture4_testsuites("rpc.") if x not in rpc_exclude]
auto_rpc_tests = list(filter(lambda t: t not in all_rpc_tests, rpc_tests))
for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
for transport in ["ncalrpc", "ncacn_np", "ncacn_ip_tcp"]:
env = "ad_dc_default"
local = ""
if transport == "ncalrpc":
tests = ncalrpc_tests
local = ":local"
elif transport == "ncacn_np":
tests = ncacn_np_tests
elif transport == "ncacn_ip_tcp":
tests = ncacn_ip_tcp_tests
2011-12-08 02:42:08 +01:00
else:
raise AssertionError("invalid transport %r" % transport)
for t in tests:
if t == "rpc.netlogon":
env = "ad_dc_ntvfs"
elif t == "rpc.join":
env = "ad_dc_default_smb1"
plansmbtorture4testsuite(t, env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
plansmbtorture4testsuite('rpc.samba3-sharesec', env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:share=tmp'], "samba4.rpc.samba3.sharesec on %s with %s" % (transport, bindoptions))
# Plugin S4 DC tests (confirms named pipe auth forwarding). This can be expanded once kerberos is supported in the plugin DC
#
for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
for t in ncacn_np_tests:
env = "ad_dc"
transport = "ncacn_np"
if t in ["rpc.authcontext", "rpc.join"]:
env = "ad_dc_smb1"
plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
for bindoptions in [""] + validate_list + ["bigendian"]:
for t in auto_rpc_tests:
env = "ad_dc_default"
if t in ["rpc.srvsvc", "rpc.mgmt"]:
env = "ad_dc_ntvfs"
elif t == "rpc.join":
env = "ad_dc_default_smb1"
plansmbtorture4testsuite(t, env, ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
t = "rpc.countcalls"
plansmbtorture4testsuite(t, "ad_dc_default:local", ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s" % t)
for transport in ["ncacn_np", "ncacn_ip_tcp"]:
env = "ad_dc_slowtests"
if transport == "ncacn_np":
tests = slow_ncacn_np_tests
elif transport == "ncacn_ip_tcp":
tests = slow_ncacn_ip_tcp_tests
2011-12-08 02:42:08 +01:00
else:
raise AssertionError("Invalid transport %r" % transport)
for t in tests:
bindoptions = ''
if t == 'rpc.cracknames':
bindoptions = 'seal'
plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
# Tests for the DFS referral calls implementation
for t in smbtorture4_testsuites("dfs."):
plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "ad_dc_smb1", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
# Tests for the NET API (net.api.become.dc tested below against all the roles)
net_tests = list(filter(lambda x: "net.api.become.dc" not in x, smbtorture4_testsuites("net.")))
for t in net_tests:
plansmbtorture4testsuite(t, "ad_dc_default", '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
# Tests for session keys and encryption of RPC pipes
# FIXME: Integrate these into a single smbtorture test
transport = "ncacn_np"
for env in ["ad_dc_default", "nt4_dc"]:
for ntlmoptions in [
"-k no --option=clientusespnego=yes",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
"-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
"-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes",
"-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
"-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
"-k no --option=clientusespnego=no --option=clientntlmv2auth=yes",
"-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes",
"-k no --option=clientusespnego=no"]:
name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient3, '$SMB_CONF_PATH', configuration])
gpo = smbtorture4_testsuites("gpo.")
for t in gpo:
plansmbtorture4testsuite(t, 'ad_dc:local', ['//$SERVER/sysvol', '-U$USERNAME%$PASSWORD'])
transports = ["ncacn_np", "ncacn_ip_tcp"]
# Kerberos varies between functional levels, so it is important to check this on all of them
for env in all_fl_envs:
transport = "ncacn_np"
plansmbtorture4testsuite('rpc.pac', env, ["%s:$SERVER[]" % (transport, ), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.pac on %s" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME', 'rpc.lsa.secrets'], "samba4.rpc.lsa.secrets on %s with Kerberos" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use target principal" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=dcom/$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dcom" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets', env, [r"%s:$SERVER[target_principal=$NETBIOSNAME\$]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dollar" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login" % transport)
plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME', '--option=gensec_krb5:send_authenticator_checksum=false'], "samba4.rpc.lsa.secrets on %s with Kerberos - use raw-krb5-no-authenticator-checksum style login" % transport)
plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:fake_gssapi_krb5=yes', '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login, use target principal" % transport)
# Winreg tests test bulk Kerberos encryption of DCE/RPC
# We test rpc.winreg here too, because the winreg interface if
# handled by the source3/rpc_server code.
for bindoptions in ["connect", "packet", "krb5", "krb5,packet", "krb5,sign", "krb5,seal", "spnego", "spnego,packet", "spnego,sign", "spnego,seal"]:
plansmbtorture4testsuite('rpc.winreg', env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.winreg on %s with %s" % (transport, bindoptions))
for transport in transports:
plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[]" % (transport,), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s" % (transport, ))
# Echo tests test bulk Kerberos encryption of DCE/RPC
for bindoptions in ["connect", "krb5", "krb5,sign", "krb5,seal", "spnego", "spnego,sign", "spnego,seal"] + validate_list + ["padcheck", "bigendian", "bigendian,seal"]:
echooptions = "--option=socket:testnonblock=True --option=torture:quick=yes -k yes"
plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), echooptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, echooptions))
for env in ["fl2000dc", "fl2008r2dc"]:
plansmbtorture4testsuite("net.api.become.dc", env, '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
for bindoptions in ["sign", "seal"]:
plansmbtorture4testsuite('rpc.backupkey', "ad_dc_default", ["ncacn_np:$SERVER[%s]" % (bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.backupkey with %s" % (bindoptions))
for transport in transports:
for bindoptions in ["sign", "seal"]:
for ntlmoptions in [
"--option=ntlmssp_client:ntlm2=yes --option=torture:quick=yes",
"--option=ntlmssp_client:ntlm2=no --option=torture:quick=yes",
"--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
"--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
"--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
"--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
"--option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
"--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes --option=torture:quick=yes",
"--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes"]:
if transport == "ncalrpc":
env = "ad_dc_default:local"
else:
env = "ad_dc_default"
plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, ntlmoptions))
plansmbtorture4testsuite('rpc.echo', "ad_dc_default", ['ncacn_np:$SERVER[smb2]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on ncacn_np over smb2")
for env in ["ad_dc", "nt4_dc"]:
plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_np:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_np with object")
plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_ip_tcp:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_ip_tcp with object")
plansmbtorture4testsuite('ntp.signd', "ad_dc_default:local", ['ncacn_np:$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.ntp.signd")
nbt_tests = smbtorture4_testsuites("nbt.")
for t in nbt_tests:
plansmbtorture4testsuite(t, "ad_dc_ntvfs", "//$SERVER/_none_ -U\"$USERNAME%$PASSWORD\"")
# Tests against the NTVFS POSIX backend
ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"]
# Filter smb2 tests that should not run against ad_dc_ntvfs
smb2_s3only = [
"smb2.change_notify_disabled",
"smb2.dosmode",
"smb2.credits",
"smb2.kernel-oplocks",
"smb2.durable-v2-delay",
"smb2.aio_delay",
"smb2.fileid",
"smb2.timestamps",
"smb2.async_dosmode",
"smb2.twrp",
"smb2.ea",
"smb2.create_no_streams",
]
smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only]
# The QFILEINFO-IPC test needs to be on ipc$
raw = list(filter(lambda x: "raw.qfileinfo.ipc" not in x, smbtorture4_testsuites("raw.")))
base = smbtorture4_testsuites("base.")
netapi = smbtorture4_testsuites("netapi.")
for t in base + raw + smb2 + netapi:
plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$SERVER/tmp', '-U$USERNAME%$PASSWORD'] + ntvfsargs)
libsmbclient = smbtorture4_testsuites("libsmbclient.")
protocols = [ 'NT1', 'SMB3' ]
for t in libsmbclient:
url = "smb://$USERNAME:$PASSWORD@$SERVER/tmp"
if t == "libsmbclient.list_shares":
url = "smb://$USERNAME:$PASSWORD@$SERVER"
if t == "libsmbclient.utimes":
url += "/utimes.txt"
libsmbclient_testargs = [
'//$SERVER/tmp',
'-U$USERNAME%$PASSWORD',
"--option=torture:smburl=" + url,
"--option=torture:replace_smbconf="
"%s/testdata/samba3/smb_new.conf" % srcdir()
]
for proto in protocols:
plansmbtorture4testsuite(
t,
"nt4_dc" if proto == "SMB3" else "nt4_dc_smb1_done",
libsmbclient_testargs +
[ "--option=torture:clientprotocol=%s" % proto],
"samba4.%s.%s" % (t, proto))
url = "smb://baduser:invalidpw@$SERVER/tmpguest"
t = "libsmbclient.noanon_list"
libsmbclient_testargs = [
'//$SERVER/tmpguest',
'-U$USERNAME%$PASSWORD',
"--option=torture:smburl=" + url,
"--option=torture:replace_smbconf="
"%s/testdata/samba3/smb_new.conf" % srcdir()
]
for proto in protocols:
plansmbtorture4testsuite(t,
"maptoguest",
libsmbclient_testargs +
[ "--option=torture:clientprotocol=%s" % proto],
"samba4.%s.baduser.%s" % (t, proto))
plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
for t in smbtorture4_testsuites("rap."):
plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/IPC\$ -U$USERNAME%$PASSWORD')
# Tests against the NTVFS CIFS backend
for t in base + raw:
plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=yes'] + ntvfsargs, modname="samba4.ntvfs.cifs.krb5.%s" % t)
# Test NTVFS CIFS backend with S4U2Self and S4U2Proxy
t = "base.unlink"
plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=yes'] + ntvfsargs, "samba4.ntvfs.cifs.krb5.%s" % t)
plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
plansmbtorture4testsuite('echo.udp', 'ad_dc_ntvfs:local', '//$SERVER/whatever')
# Local tests
for t in smbtorture4_testsuites("local."):
# The local.resolve test needs a name to look up using real system (not emulated) name routines
plansmbtorture4testsuite(t, "none", "ncalrpc:localhost")
# Confirm these tests with the system iconv too
for t in ["local.convert_string_handle", "local.convert_string", "local.ndr"]:
options = "ncalrpc: --option='iconv:use_builtin_handlers=false'"
plansmbtorture4testsuite(t, "none", options,
modname="samba4.%s.system.iconv" % t)
tdbtorture4 = binpath("tdbtorture")
if os.path.exists(tdbtorture4):
plantestsuite("tdb.stress", "none", valgrindify(tdbtorture4))
else:
skiptestsuite("tdb.stress", "Using system TDB, tdbtorture not available")
plansmbtorture4testsuite("drs.unit", "none", "ncalrpc:")
# Pidl tests
for f in sorted(os.listdir(os.path.join(samba4srcdir, "../pidl/tests"))):
if f.endswith(".pl"):
2010-09-30 18:29:58 +02:00
planperltestsuite("pidl.%s" % f[:-3], os.path.normpath(os.path.join(samba4srcdir, "../pidl/tests", f)))
2011-11-11 00:32:09 +01:00
# DNS tests
plantestsuite_loadlist("samba.tests.dns", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.dns", "rodc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.dns", "vampire_dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.dns_aging", "fl2003dc:local",
[python,
f"{srcdir()}/python/samba/tests/dns_aging.py",
'$SERVER',
'$SERVER_IP',
'--machine-pass',
'-U"$USERNAME%$PASSWORD"',
'--workgroup=$DOMAIN',
'$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns_forwarder.py"), '$SERVER', '$SERVER_IP', '$DNS_FORWARDER1', '$DNS_FORWARDER2', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.dns_packet",
"ad_dc",
[python,
'-msamba.subunit.run',
'$LOADLIST',
"$LISTOPT"
"samba.tests.dns_packet"
])
plantestsuite_loadlist("samba.tests.sddl",
"none",
[python,
'-msamba.subunit.run',
'$LOADLIST',
"$LISTOPT"
"samba.tests.sddl"
])
plantestsuite_loadlist("samba.tests.sddl_conditional_ace",
"none",
[python,
'-msamba.subunit.run',
'$LOADLIST',
"$LISTOPT"
"samba.tests.sddl_conditional_ace"
])
for t in smbtorture4_testsuites("dns_internal."):
plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever')
# These tests want to run on a barely changed fresh provision, before
# too much happens to this environment.
planpythontestsuite("chgdcpass:local", "samba.tests.dsdb_quiet_provision_tests")
# Local tests
for t in smbtorture4_testsuites("dlz_bind9."):
# The dlz_bind9 tests needs to look at the DNS database
plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD'])
2011-11-11 00:32:09 +01:00
planpythontestsuite("fileserver_smb1", "samba.tests.libsmb-basic")
planpythontestsuite("ad_member", "samba.tests.smb-notify",
environ={'USERNAME':'$DC_USERNAME',
'PASSWORD':'$DC_PASSWORD',
'USERNAME_UNPRIV':'alice',
'PASSWORD_UNPRIV':'Secret007',
'STRICT_CHECKING':'0',
'NOTIFY_SHARE':'notify_priv'})
# Blackbox Tests:
# tests that interact directly with the command-line tools rather than using
# the API. These mainly test that the various command-line options of commands
# work correctly.
# smbtorture --fullname parameter test
plantestsuite("samba4.blackbox.smbtorture_subunit_names", "none",
[
os.path.join(bbdir, "test_smbtorture_test_names.sh"),
smbtorture4
])
for env in ["ad_member", "ad_dc_ntvfs", "chgdcpass"]:
plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])
plantestsuite("samba4.blackbox.samba_tool(ad_dc_default:local)", "ad_dc_default:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient3])
plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN'])
plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
plantestsuite("samba4.blackbox.test_alias_membership", "ad_member_idmap_rid:local", [os.path.join(bbdir, "test_alias_membership.sh"), '$PREFIX_ABS'])
plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS'])
planpythontestsuite("ad_dc_default", "samba.tests.blackbox.claims")
if have_heimdal_support:
plantestsuite("samba4.blackbox.kpasswd",
"ad_dc:local",
[
os.path.join(bbdir, "test_kpasswd_heimdal.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
"$PREFIX",
configuration
])
plantestsuite("samba4.blackbox.krb5.s4u",
"fl2008r2dc:local",
[
os.path.join(bbdir, "test_s4u_heimdal.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$TRUST_SERVER',
'$TRUST_USERNAME',
'$TRUST_PASSWORD',
'$TRUST_REALM',
'$TRUST_DOMAIN',
'$PREFIX',
configuration
])
else:
plantestsuite("samba4.blackbox.kpasswd",
"ad_dc:local",
[
os.path.join(bbdir, "test_kpasswd_mit.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
"$PREFIX",
configuration
])
plantestsuite("samba4.blackbox.kinit_simple",
"ad_dc:local",
[
os.path.join(bbdir, "test_kinit.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$PREFIX',
smbclient3,
configuration
])
plantestsuite("samba4.blackbox.kinit_simple",
"fl2000dc:local",
[
os.path.join(bbdir, "test_kinit.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$PREFIX',
smbclient3,
configuration
])
plantestsuite("samba4.blackbox.kinit_simple",
"fl2008r2dc:local",
[
os.path.join(bbdir, "test_kinit.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$PREFIX',
smbclient3,
configuration
])
plantestsuite("samba4.blackbox.kinit_trust",
"fl2008r2dc:local",
[
os.path.join(bbdir, "test_kinit_trusts.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$TRUST_SERVER',
'$TRUST_USERNAME',
'$TRUST_PASSWORD',
'$TRUST_REALM',
'$TRUST_DOMAIN',
'$PREFIX',
"forest",
configuration
])
plantestsuite("samba4.blackbox.kinit_trust",
"fl2003dc:local",
[
os.path.join(bbdir, "test_kinit_trusts.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$TRUST_SERVER',
'$TRUST_USERNAME',
'$TRUST_PASSWORD',
'$TRUST_REALM',
'$TRUST_DOMAIN',
'$PREFIX',
"external",
configuration
])
plantestsuite("samba4.blackbox.kinit_trust",
"fl2000dc:local",
[
os.path.join(bbdir, "test_kinit_trusts.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$TRUST_SERVER',
'$TRUST_USERNAME',
'$TRUST_PASSWORD',
'$TRUST_REALM',
'$TRUST_DOMAIN',
'$PREFIX',
"external",
configuration
])
plantestsuite("samba4.blackbox.kinit.export.keytab",
"ad_dc:local",
[
os.path.join(bbdir, "test_kinit_export_keytab.sh"),
'$SERVER',
'$USERNAME',
'$REALM',
'$DOMAIN',
"$PREFIX",
smbclient3,
configuration
])
plantestsuite("samba4.blackbox.pkinit_simple",
"ad_dc:local",
[os.path.join(bbdir, "test_pkinit_simple.sh"),
'$SERVER',
'pkinit',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$PREFIX/ad_dc',
smbclient3,
configuration])
plantestsuite("samba4.blackbox.pkinit_pac",
"ad_dc:local",
[os.path.join(bbdir, "test_pkinit_pac.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
'$PREFIX/ad_dc',
configuration])
plantestsuite("samba.blackbox.client_kerberos", "ad_dc", [os.path.join(bbdir, "test_client_kerberos.sh"), '$DOMAIN', '$REALM', '$USERNAME', '$PASSWORD', '$SERVER', '$PREFIX_ABS', '$SMB_CONF_PATH'])
env="ad_member:local"
plantestsuite("samba.blackbox.rpcclient_schannel",
env,
[os.path.join(bbdir, "test_rpcclient_schannel.sh"),
'$DOMAIN',
'$REALM',
'$DC_USERNAME',
'$DC_PASSWORD',
'$DC_SERVER',
'$PREFIX_ABS',
'$SMB_CONF_PATH',
env])
env="ad_member_fips:local"
plantestsuite("samba.blackbox.rpcclient_schannel",
env,
[os.path.join(bbdir, "test_rpcclient_schannel.sh"),
'$DOMAIN',
'$REALM',
'$DC_USERNAME',
'$DC_PASSWORD',
'$DC_SERVER',
'$PREFIX_ABS',
'$SMB_CONF_PATH',
env],
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "fl2000dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "nt4_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$DOMAIN', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
plantestsuite("samba4.blackbox.trust_utils(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
plantestsuite("samba4.blackbox.trust_token", "fl2008r2dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'forest'])
plantestsuite("samba4.blackbox.trust_token", "fl2003dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
plantestsuite("samba4.blackbox.trust_token", "fl2000dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs'])
plantestsuite("samba4.blackbox.password_settings",
"ad_dc:local",
[
os.path.join(bbdir, "test_password_settings.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
"$PREFIX",
configuration
])
plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN'])
plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4])
plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
plantestsuite("samba4.blackbox.masktest", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
plantestsuite("samba4.blackbox.rfc2307_mapping",
"ad_dc:local",
[
os.path.join(samba4srcdir,
"../nsswitch/tests/test_rfc2307_mapping.sh"),
'$DOMAIN',
'$USERNAME',
'$PASSWORD',
"$SERVER",
"$UID_RFC2307TEST",
"$GID_RFC2307TEST",
configuration
])
plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', r"CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3])
plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
plantestsuite("samba4.blackbox.net_offlinejoin", "ad_dc:client", [os.path.join(bbdir, "test_net_offline.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'all', '17_18_23'])
plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID', configuration])
env = "ad_member:local"
plantestsuite("samba4.blackbox.net_ads_search_server_P.primary", env,
[os.path.join(bbdir, "test_net_ads_search_server.sh"),
'$DC_SERVER', '$REALM'])
plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_e_both", env,
[os.path.join(bbdir, "test_net_ads_search_server.sh"),
'$TRUST_E_BOTH_SERVER', '$TRUST_E_BOTH_REALM'])
plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_f_both", env,
[os.path.join(bbdir, "test_net_ads_search_server.sh"),
'$TRUST_F_BOTH_SERVER', '$TRUST_F_BOTH_REALM'])
if have_gnutls_fips_mode_support:
plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"])
plantestsuite("samba4.blackbox.test_weak_disable_ntlmssp_ldap", "ad_member:local", [os.path.join(bbdir, "test_weak_disable_ntlmssp_ldap.sh"),'$DC_USERNAME', '$DC_PASSWORD'])
for env in ["ad_dc_fips", "ad_member_fips"]:
plantestsuite("samba4.blackbox.weak_crypto.server",
env,
[os.path.join(bbdir, "test_weak_crypto_server.sh"),
'$SERVER',
'$USERNAME',
'$PASSWORD',
'$REALM',
'$DOMAIN',
"$PREFIX/ad_dc_fips",
configuration],
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
plantestsuite("samba4.blackbox.net_ads_fips",
"ad_dc_fips:client",
[os.path.join(bbdir, "test_net_ads_fips.sh"),
'$DC_SERVER',
'$DC_USERNAME',
'$DC_PASSWORD',
'$PREFIX_ABS'],
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
t = "--krb5auth=$DOMAIN/$DC_USERNAME%$DC_PASSWORD"
plantestsuite("samba3.wbinfo_simple.fips.%s" % t,
"ad_member_fips:local",
[os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t],
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
plantestsuite("samba4.wbinfo_name_lookup.fips",
"ad_member_fips",
[os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_name_lookup.sh"),
'$DOMAIN',
'$REALM',
'$DC_USERNAME'],
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
plansmbtorture4testsuite('rpc.fips.netlogon.crypto',
'ad_dc_fips',
['ncacn_np:$SERVER[krb5]',
'-U$USERNAME%$PASSWORD',
'--workgroup=$DOMAIN',
'--client-protection=encrypt'],
'samba4.rpc.fips.netlogon.crypto',
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
plansmbtorture4testsuite('rpc.echo', "ad_dc_ntvfs", ['ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD'], "samba4.rpc.echo against NetBIOS alias")
# Test wbinfo trust auth
for env in ["ad_member_oneway:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
for t in ["--krb5auth=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD",
"--krb5auth=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD",
"--authenticate=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD",
"--authenticate=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD"]:
plantestsuite("samba3.wbinfo_simple.trust:%s" % t, env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
# json tests hook into ``chgdcpass'' to make them run in contributor CI on
# gitlab
planpythontestsuite("chgdcpass", "samba.tests.blackbox.netads_json")
# Tests using the "Simple" NTVFS backend
for t in ["base.rw1"]:
plansmbtorture4testsuite(t, "ad_dc_ntvfs", ["//$SERVER/simple", '-U$USERNAME%$PASSWORD'], modname="samba4.ntvfs.simple.%s" % t)
# Domain S4member Tests
plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.echo against s4member server with local creds")
plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], "samba4.rpc.echo against s4member server with domain creds")
plansmbtorture4testsuite('rpc.samr', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr against s4member server with local creds")
plansmbtorture4testsuite('rpc.samr.users', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr.users against s4member server with local creds",)
plansmbtorture4testsuite('rpc.samr.passwords.default',
"s4member",
['ncacn_np:$NETBIOSNAME',
'-U$NETBIOSNAME/$USERNAME%$PASSWORD'],
"samba4.rpc.samr.passwords.default against s4member server with local creds")
plantestsuite("samba4.blackbox.smbclient against s4member server with local creds", "s4member", [os.path.join(samba4srcdir, "client/tests/test_smbclient.sh"), '$NETBIOSNAME', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX', smbclient4])
# RPC Proxy
plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], modname="samba4.rpc.echo against rpc proxy with domain creds")
# Tests SMB signing
for mech in [
"-k no",
"-k no --option=clientusespnego=no",
"-k no --option=gensec:spengo=no",
"-k yes",
"-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
for signing in ["--option=clientsigning=desired", "--option=clientsigning=required"]:
signoptions = "%s %s" % (mech, signing)
name = "smb.signing on with %s" % signoptions
plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], modname="samba4.%s" % name)
for mech in [
"-k no",
"-k no --option=clientusespnego=no",
"-k no --option=gensec:spengo=no",
"-k yes"]:
signoptions = "%s --client-protection=off" % mech
name = "smb.signing disabled on with %s" % signoptions
plansmbtorture4testsuite('base.xcopy', "ad_member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], "samba4.%s" % name)
plansmbtorture4testsuite('base.xcopy', "ad_dc",
['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name)
plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient3])
for mech in [
"-k no",
"-k no --option=clientusespnego=no",
"-k no --option=gensec:spengo=no"]:
signoptions = "%s --client-protection=off" % mech
plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)
plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=desired', '-U%'], modname="samba4.smb.signing --option=clientsigning=desired anon")
plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=required', '-U%'], modname="samba4.smb.signing --option=clientsigning=required anon")
plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=disabled', '-U%'], modname="samba4.smb.signing --option=clientsigning=disabled anon")
# Test SPNEGO without issuing an optimistic token
opt='--option=spnego:client_no_optimistic=yes'
plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'no'], modname="samba4.smb.spnego.ntlmssp.no_optimistic")
plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'yes'], modname="samba4.smb.spnego.krb5.no_optimistic")
wb_opts_default = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=1\"", "--option=\"torture:winbindd_separator=/\"", "--option=\"torture:winbindd_netbios_name=$SERVER\"", "--option=\"torture:winbindd_netbios_domain=$DOMAIN\""]
winbind_ad_client_tests = smbtorture4_testsuites("winbind.struct") + smbtorture4_testsuites("winbind.pac")
winbind_wbclient_tests = smbtorture4_testsuites("winbind.wbclient")
for env in ["ad_dc", "ad_member", "nt4_member"]:
wb_opts = wb_opts_default[:]
if env in ["ad_member"]:
wb_opts += ["--option=\"torture:winbindd_domain_without_prefix=$DOMAIN\""]
for t in winbind_ad_client_tests:
plansmbtorture4testsuite(t, "%s:local" % env, wb_opts + ['//$SERVER/tmp', '--realm=$REALM', '--machine-pass', '--option=torture:addc=$DC_SERVER'])
for env in ["nt4_dc", "fl2003dc"]:
for t in winbind_wbclient_tests:
plansmbtorture4testsuite(t, "%s:local" % env, '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "chgdcpass", "rodc"]:
tests = ["--ping", "--separator",
"--own-domain",
"--all-domains",
"--trusted-domains",
"--domain-info=BUILTIN",
"--domain-info=$DOMAIN",
"--online-status",
"--online-status --domain=BUILTIN",
"--online-status --domain=$DOMAIN",
"--check-secret --domain=$DOMAIN",
"--change-secret --domain=$DOMAIN",
"--check-secret --domain=$DOMAIN",
"--online-status --domain=$DOMAIN",
"--domain-users",
"--domain-groups",
"--name-to-sid=$DC_USERNAME",
"--name-to-sid=$DOMAIN/$DC_USERNAME",
"--user-info=$DOMAIN/$DC_USERNAME",
"--user-groups=$DOMAIN/$DC_USERNAME",
"--authenticate=$DOMAIN/$DC_USERNAME%$DC_PASSWORD",
"--allocate-uid",
"--allocate-gid"]
for t in tests:
plantestsuite("samba.wbinfo_simple.%s" % (t.replace(" --", ".").replace("--", "")), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
plantestsuite(
"samba.wbinfo_sids2xids.(%s:local)" % env, "%s:local" % env,
[os.path.join(samba3srcdir, "script/tests/test_wbinfo_sids2xids.sh")])
planpythontestsuite(env + ":local", "samba.tests.ntlm_auth")
plantestsuite(
"samba.wbinfo_u_large_ad.(ad_dc:local)",
"ad_dc:local",
[os.path.join(samba3srcdir, "script/tests/test_wbinfo_u_large_ad.sh")])
for env in ["ktest"]:
planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5")
for env in ["s4member_dflt_domain", "s4member"]:
for cmd in ["id", "getent"]:
users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"]
if env == "s4member":
users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"]
for usr in users:
plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir, cmd, usr))
nsstest4 = binpath("nsstest")
for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]:
if os.path.exists(nsstest4):
nsswitch: reduce dependecies to private libraries and link static/builtin if possible Over the last month I got more and more reports, that it's not possible to use a custom Samba version on systems with sssd being installed, which depends on some specific samba libraries installed in the system. One major problem is that the custom libnss_winbind.so.2 depends on the libreplace-samba4.so of the custom build and also injects an RPATH into the running process. When sssd uses any nss library call it will get this, when it then tries to load some of its plugins via dlopen(), e.g. ldd /usr/lib64/sssd/libsss_ad.so| grep samba libsamba-util.so.0 => /lib64/libsamba-util.so.0 libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so libsamba-errors.so.1 => /lib64/libsamba-errors.so.1 libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so When that loads dlopen() will fail as a soname libreplace-samba4.so is already loaded, but the symbol version within the other one don't match, as the contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3. This is just an example and similar things can happen in all situations where we provide libraries, which are potentially injected into every process of the running system. These should only depend on libc.so and related basic system libraries in order to avoid the problem. We have the following libraries, which are in the that category: - libnss_winbind.so.2 - libnss_wins.so.2 - pam_winbind.so - winbind_krb5_locator.so - async_dns_krb5_locator.so The rules of library loading are really complex and symbol versioning is not enough to solve it, only the combination of unique soname and unique symbol version suffix seem to solve the problem, but injecting an RPATH is still a problem. In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM() definitions with 'hide_symbols=True' in order to do some static linking of selected components, e.g. bld.SAMBA_SUBSYSTEM('replace-hidden', source=REPLACE_SOURCE, group='base_libraries', hide_symbols=True, deps='dl attr' + extra_libs) It's relatively simple to get to the point where the following are completely static: - libnss_winbind.so.2 - libnss_wins.so.2 - pam_winbind.so - winbind_krb5_locator.so But 'async_dns_krb5_locator.so' links in almost everything! It seems we install the krb5 plugins into our own $MODULESDIR/krb5/, so it may not be so critical, as long it's the admin who created the desired symlinks into the location the kerberos libraries search for plugins. Note the at least the locator plugins are always loaded without any configuration, every .so in a special path are loaded with dlopen(). This is done by every application using kerberos, so we load a lot of samba libraries into them. Packagers should not put async_dns_krb5_locator.so (nor a symlink) into the path that's reachable by libkrb5.so. As a longterm solution we may want to change async_dns_krb5_locator.so to use a helper process with posix_spawn() instead of doing everything within the process. Note I added hiden_symbols=True to the nss modules for Linux and FreeBSD only, because these are the only platforms I'm able to test on. We most likely should do the same on other platforms, but some with access to the platform should provide a tested patch. In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with '-hidden', I added the 'provide_builtin_linking=True' option, as the logic is very similar to what we already have with the '--builtin-libraries=BUILTIN_LIBRARIES' configure option. SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order to make it more strict that these plugins can't be used as normal depedency by other subsystems and libraries. While being there it was easy enough to make libwbclient.so also standalone without dependecies to other samba libraries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-01 12:08:16 +02:00
plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "plugins/libnss_wrapper_winbind.so.2")])
else:
skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available")
if have_gnutls_fips_mode_support:
planoldpythontestsuite("ad_dc",
"samba.tests.dcerpc.createtrustrelax",
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
planoldpythontestsuite("ad_dc_fips",
"samba.tests.dcerpc.createtrustrelax",
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
# Run complex search expressions test once for each database backend.
# Right now ad_dc has mdb and ad_dc_ntvfs has tdb
mdb_testenv = "ad_dc"
tdb_testenv = "ad_dc_ntvfs"
for testenv in [mdb_testenv, tdb_testenv]:
planoldpythontestsuite(testenv, "samba.tests.complex_expressions", extra_args=['-U"$USERNAME%$PASSWORD"'])
# samba.tests.gensec is only run in ad_dc to ensure it runs with and
# MIT and Heimdal build, it can run against any environment that
# supports FAST
planoldpythontestsuite("ad_dc:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("none", "simple", extra_path=["%s/lib/tdb/python/tests" % srcdir()], name="tdb.python")
planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.sam")
planpythontestsuite("ad_dc_default:local", "samba.tests.dsdb")
planpythontestsuite("none", "samba.tests.samba_startup_fl_change")
planpythontestsuite("none", "samba.tests.dsdb_lock")
planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.bare")
planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.lsa")
planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.unix")
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.timecmd")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.join")
planpythontestsuite("ad_dc_default:local", "samba.tests.ldap_whoami")
planpythontestsuite("ad_member_s3_join", "samba.tests.samba_tool.join_member")
planpythontestsuite("ad_dc_default",
"samba.tests.samba_tool.join_lmdb_size")
planpythontestsuite("ad_dc_default",
"samba.tests.samba_tool.drs_clone_dc_data_lmdb_size")
planpythontestsuite("ad_dc_default",
"samba.tests.samba_tool.promote_dc_lmdb_size")
planpythontestsuite("none", "samba.tests.samba_tool.visualize")
# test fsmo show
for env in all_fl_envs:
planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo")
# test getpassword for group managed service accounts
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_getpassword_gmsa")
# test samba-tool user, group, contact and computer edit command
for env in all_fl_envs:
env += ":local"
plantestsuite("samba.tests.samba_tool.user_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/user_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
plantestsuite("samba.tests.samba_tool.group_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/group_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
plantestsuite("samba.tests.samba_tool.contact_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/contact_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
plantestsuite("samba.tests.samba_tool.computer_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/computer_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
# We run this test against both AD DC implementations because it is
# the only test we have of GPO get/set behaviour, and this involves
# the file server as well as the LDAP server.
# It's also a good sanity-check that sysvol backup worked correctly.
for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
smbv1_disabled_testenv]:
planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo")
for env in ["ad_dc_ntvfs", "ad_dc"]:
planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo_exts")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes")
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_policy")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_silo")
for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]:
planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest")
for env, nt_hash in [("ad_dc:local", True),
("ad_dc_no_ntlm:local", False)]:
planpythontestsuite(env, "samba.tests.samba_tool.user",
environ={"EXPECT_NT_HASH": int(nt_hash)})
# test get-kerberos-ticket for locally accessible and group managed service accounts
planpythontestsuite(env, "samba.tests.samba_tool.user_get_kerberos_ticket")
planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_userPassword")
planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_gpg")
planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.group")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.ou")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.computer")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.contact")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.forest")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.schema")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_claim")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_policy")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_silo")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_kds_root_key")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_models")
planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema")
planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl")
planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check")
planpythontestsuite("none", "samba.tests.samba_tool.provision_lmdb_size")
planpythontestsuite("none", "samba.tests.samba_tool.provision_userPassword_crypt")
planpythontestsuite("none", "samba.tests.samba_tool.help")
# Make sure samba-tool can execute without import failures when run
# without the ad-dc built. The fileserver test environment runs against
# the samba-h5l-build autobuild. This build was chosen because it's
# configured with --without-ad-dc and does not disable ads, which is
# required to run some samba-tool commands.
planpythontestsuite("fileserver", "samba.tests.samba_tool.help")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.passwordsettings")
planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.dsacl")
planpythontestsuite("none", "samba.tests.samba_upgradedns_lmdb")
# Run these against chgdcpass to share the runtime load
planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.sites")
planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.dnscmd")
# Run this against chgdcpass to ensure at least one python3 test
# against this autobuild target (samba-ad-dc-2)
planpythontestsuite("chgdcpass:local", "samba.tests.dcerpc.rpcecho")
planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAME%$PASSWORD"'])
test_bin = os.path.abspath(os.path.join(os.getenv('BINDIR', './bin'), '../python/samba/tests/bin'))
planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNAME%$PASSWORD"'],
environ={'PATH':':'.join([test_bin, os.getenv('PATH', '')])})
planoldpythontestsuite("ad_member", "samba.tests.gpo_member", extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc", "samba.tests.sid_strings")
# Run the import test in environments that may not have the ad-dc built
envs = ['fileserver_smb1', 'nt4_member', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel']
if have_cluster_support:
envs.append('clusteredmember')
for env in envs:
planoldpythontestsuite(env, "samba.tests.imports")
have_fast_support = 1
claims_support = 1
# MIT
kadmin_is_tgs = int('SAMBA4_USES_HEIMDAL' not in config_hash)
# Heimdal
compound_id_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash)
check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash)
expect_nt_status = int('SAMBA4_USES_HEIMDAL' in config_hash)
as_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
tgs_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
tests/krb5: Add PK-INIT testing framework To run these tests standalone, you will need the certificate and private key of the Certificate Authority. These can be specified together in the same file with the environment variable CA_CERT, or the private key may be specified in its own file with CA_PRIVATE_KEY. If either of these files are encrypted, you can specify the password in the environment variable CA_PASS. These tests create a new certificate for the user account, signed with the private key of the Certificate Authority. We negotiate the reply key with either of the public-key and Diffie-Hellman PK-INIT variants, and use the reply key to decrypt the enc-part in the response. We also check that the KDC’s signatures are valid. Most of the failures with the Heimdal KDC are due to the wrong nonce being returned in the reply compared to Windows, which issue is simple enough to correct. An example command line for manual testing against Windows: SMB_CONF_PATH=ad_dc.conf KRB5_CONFIG=krb5.conf SERVICE_USERNAME=win2k19-dc.example.com ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass ADMIN_KVNO=1 FOR_USER=Administrator USERNAME=Administrator PASSWORD=locDCpass DC_SERVER=win2k19-dc.example.com SERVER=win2k19-dc.example.com DOMAIN=example REALM=example.com PYTHONPATH=bin/python STRICT_CHECKING=1 FAST_SUPPORT=1 CLAIMS_SUPPORT=1 COMPOUND_ID_SUPPORT=1 TKT_SIG_SUPPORT=1 FULL_SIG_SUPPORT=1 GNUTLS_PBKDF2_SUPPORT=1 EXPECT_PAC=1 EXPECT_EXTRA_PAC_BUFFERS=1 CHECK_CNAME=1 CHECK_PADATA=1 KADMIN_IS_TGS=0 FORCED_RC4=1 DEFAULT_ETYPES=36 CA_CERT=./win2k19-ca.pfx CA_PASS=1234 python3 python/samba/tests/krb5/pkinit_tests.py To set up windows for this I first installed an Certificate Authority with an Enterprise CA. Then I exported the private key and certificate of the CA: 1. go into the Certification Authority snap-in for the relevant computer, 2. right-clicking the CA 3. clicking ‘All Tasks’ → ‘Back up CA...’ 4. and exporting the private key and CA certificate. (I downloaded the resulting file via smbclient). After setting up an Enterprise CA, I also needed to edit the domain controller GPO to enable auto-enrollment, otherwise Windows would refuse to accept as legitimate any certificates provided by the client. That can be done by first enabling the policy: ‘Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies/Certificate Services Client — Auto-Enrollment’, and then ticking both ‘Renew expired certificates…’ and ‘Update certificates…’) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-03 14:43:10 +12:00
ca_dir = os.path.join('selftest', 'manage-ca', 'CA-samba.example.com')
# This certificate is currently used just to get the name of the certificate
# issuer.
ca_cert_path = os.path.join(ca_dir,
'DCs',
'addc.addom.samba.example.com',
'DC-addc.addom.samba.example.com-cert.pem')
# The private key is used to issue new certificates.
ca_private_key_path = os.path.join(ca_dir,
'Private',
'CA-samba.example.com-private-key.pem')
ca_pass = '1234'
krb5_environ = {
'SERVICE_USERNAME': '$SERVER',
'ADMIN_USERNAME': '$DC_USERNAME',
'ADMIN_PASSWORD': '$DC_PASSWORD',
'ADMIN_KVNO': '1',
'FOR_USER': '$DC_USERNAME',
'STRICT_CHECKING':'0',
'FAST_SUPPORT': have_fast_support,
'CLAIMS_SUPPORT': claims_support,
'COMPOUND_ID_SUPPORT': compound_id_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname,
'CHECK_PADATA': check_padata,
'KADMIN_IS_TGS': kadmin_is_tgs,
'EXPECT_NT_STATUS': expect_nt_status,
'AS_REQ_LOGGING_SUPPORT': as_req_logging_support,
'TGS_REQ_LOGGING_SUPPORT': tgs_req_logging_support,
tests/krb5: Add PK-INIT testing framework To run these tests standalone, you will need the certificate and private key of the Certificate Authority. These can be specified together in the same file with the environment variable CA_CERT, or the private key may be specified in its own file with CA_PRIVATE_KEY. If either of these files are encrypted, you can specify the password in the environment variable CA_PASS. These tests create a new certificate for the user account, signed with the private key of the Certificate Authority. We negotiate the reply key with either of the public-key and Diffie-Hellman PK-INIT variants, and use the reply key to decrypt the enc-part in the response. We also check that the KDC’s signatures are valid. Most of the failures with the Heimdal KDC are due to the wrong nonce being returned in the reply compared to Windows, which issue is simple enough to correct. An example command line for manual testing against Windows: SMB_CONF_PATH=ad_dc.conf KRB5_CONFIG=krb5.conf SERVICE_USERNAME=win2k19-dc.example.com ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass ADMIN_KVNO=1 FOR_USER=Administrator USERNAME=Administrator PASSWORD=locDCpass DC_SERVER=win2k19-dc.example.com SERVER=win2k19-dc.example.com DOMAIN=example REALM=example.com PYTHONPATH=bin/python STRICT_CHECKING=1 FAST_SUPPORT=1 CLAIMS_SUPPORT=1 COMPOUND_ID_SUPPORT=1 TKT_SIG_SUPPORT=1 FULL_SIG_SUPPORT=1 GNUTLS_PBKDF2_SUPPORT=1 EXPECT_PAC=1 EXPECT_EXTRA_PAC_BUFFERS=1 CHECK_CNAME=1 CHECK_PADATA=1 KADMIN_IS_TGS=0 FORCED_RC4=1 DEFAULT_ETYPES=36 CA_CERT=./win2k19-ca.pfx CA_PASS=1234 python3 python/samba/tests/krb5/pkinit_tests.py To set up windows for this I first installed an Certificate Authority with an Enterprise CA. Then I exported the private key and certificate of the CA: 1. go into the Certification Authority snap-in for the relevant computer, 2. right-clicking the CA 3. clicking ‘All Tasks’ → ‘Back up CA...’ 4. and exporting the private key and CA certificate. (I downloaded the resulting file via smbclient). After setting up an Enterprise CA, I also needed to edit the domain controller GPO to enable auto-enrollment, otherwise Windows would refuse to accept as legitimate any certificates provided by the client. That can be done by first enabling the policy: ‘Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies/Certificate Services Client — Auto-Enrollment’, and then ticking both ‘Renew expired certificates…’ and ‘Update certificates…’) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-03 14:43:10 +12:00
'CA_CERT': ca_cert_path,
'CA_PRIVATE_KEY': ca_private_key_path,
'CA_PASS': ca_pass,
}
planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
planoldpythontestsuite("none", "samba.tests.krb5.claims_in_pac")
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
environ=krb5_environ)
for env, fast_support in [("ad_dc_default:local", True),
("fl2003dc:local", False)]:
planoldpythontestsuite(env, "samba.tests.krb5.s4u_tests",
environ={
**krb5_environ,
'FAST_SUPPORT': int(have_fast_support and fast_support),
})
planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
environ=krb5_environ)
planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns")
planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests",
environ=krb5_environ)
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
environ=krb5_environ)
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
environ=krb5_environ)
for env in ['ad_dc_default', 'ad_member']:
planoldpythontestsuite(env, "samba.tests.krb5.test_rpc",
environ=krb5_environ)
planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
environ=krb5_environ)
planoldpythontestsuite("ad_member_idmap_nss:local",
"samba.tests.krb5.test_min_domain_uid",
environ=krb5_environ)
planoldpythontestsuite("ad_member_idmap_nss:local",
"samba.tests.krb5.test_idmap_nss",
environ={
**krb5_environ,
'MAPPED_USERNAME': 'bob',
'MAPPED_PASSWORD': 'Secret007',
'UNMAPPED_USERNAME': 'jane',
'UNMAPPED_PASSWORD': 'Secret007',
'INVALID_USERNAME': 'joe',
'INVALID_PASSWORD': 'Secret007',
})
for env in ["ad_dc", smbv1_disabled_testenv]:
planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite(
"ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'])
for env in ["chgdcpass", "ad_member"]:
planoldpythontestsuite(env, "samba.tests.dcerpc.raw_protocol",
environ={"MAX_NUM_AUTH": "8",
"USERNAME": "$DC_USERNAME",
"PASSWORD": "$DC_PASSWORD"})
if have_heimdal_support:
planoldpythontestsuite("ad_dc_smb1:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
environ={'CLIENT_IP': '10.53.57.11',
'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
environ={'CLIENT_IP': '10.53.57.11',
'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change",
extra_args=['-U"$USERNAME%$PASSWORD"'])
# these tests use a NCA local RPC connection, so always run on the
# :local testenv, and so don't need to fake a client connection
for env in ["ad_dc_ntvfs:local", "ad_dc:local"]:
planoldpythontestsuite(env, "samba.tests.auth_log_ncalrpc", extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite(env, "samba.tests.auth_log_samlogon",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite(env, "samba.tests.auth_log_netlogon",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite(env, "samba.tests.auth_log_netlogon_bad_creds",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_member:local",
"samba.tests.auth_log_winbind",
extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"'])
planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("fl2008r2dc",
"samba.tests.getdcname",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc_smb1",
"samba.tests.net_join_no_spnego",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc",
"samba.tests.net_join",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc",
"samba.tests.s3_net_join",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc",
"samba.tests.segfault",
extra_args=['-U"$USERNAME%$PASSWORD"'])
# Need to test the password hashing in multiple environments to ensure that
# all the possible options are covered
#
# ad_dc:local functional_level >= 2008, gpg keys available
planoldpythontestsuite("ad_dc:local",
"samba.tests.password_hash_gpgme",
extra_args=['-U"$USERNAME%$PASSWORD"'])
# ad_dc_ntvfs:local functional level >= 2008, gpg keys not available
planoldpythontestsuite("ad_dc_ntvfs:local",
"samba.tests.password_hash_fl2008",
extra_args=['-U"$USERNAME%$PASSWORD"'])
# fl2003dc:local functional level < 2008, gpg keys not available
planoldpythontestsuite("fl2003dc:local",
"samba.tests.password_hash_fl2003",
extra_args=['-U"$USERNAME%$PASSWORD"'])
# ad_dc: wDigest values over ldap
planoldpythontestsuite("ad_dc",
"samba.tests.password_hash_ldap",
extra_args=['-U"$USERNAME%$PASSWORD"'])
for env in ["ad_dc_backup", smbv1_disabled_testenv]:
planoldpythontestsuite(env + ":local", "samba.tests.domain_backup",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc",
"samba.tests.domain_backup_offline")
# Encrypted secrets
# ensure default provision (ad_dc) and join (vampire_dc)
# encrypt secret values on disk.
planoldpythontestsuite("ad_dc:local",
"samba.tests.encrypted_secrets",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("vampire_dc:local",
"samba.tests.encrypted_secrets",
extra_args=['-U"$USERNAME%$PASSWORD"'])
# The fl2000dc environment is provisioned with the --plaintext_secrets option
# so this test will fail, which proves the secrets are not being encrypted.
# There is an entry in known_fail.d.
planoldpythontestsuite("fl2000dc:local",
"samba.tests.encrypted_secrets",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planpythontestsuite("none",
"samba.tests.lsa_string")
planoldpythontestsuite("ad_dc_ntvfs",
"samba.tests.krb5_credentials",
extra_args=['-U"$USERNAME%$PASSWORD"'])
for env in ["ad_dc_ntvfs", "vampire_dc", "promoted_dc"]:
planoldpythontestsuite(env,
"samba.tests.py_credentials",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc_ntvfs",
"samba.tests.emulate.traffic",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc_ntvfs",
"samba.tests.emulate.traffic_packet",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc_ntvfs",
"samba.tests.blackbox.traffic_replay",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc_ntvfs",
"samba.tests.blackbox.traffic_learner",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc_ntvfs",
"samba.tests.blackbox.traffic_summary",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("none", "samba.tests.loadparm")
planoldpythontestsuite("fileserver",
"samba.tests.blackbox.mdsearch",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("fileserver",
"samba.tests.blackbox.smbcacls_basic")
planoldpythontestsuite("fileserver",
"samba.tests.blackbox.smbcacls_basic",
"samba.tests.blackbox.smbcacls_basic(DFS)",
environ={'SHARE': 'msdfs-share',
'TESTDIR': 'smbcacls_sharedir_dfs'})
# Run smbcacls_propagate_inhertance tests on non msdfs root share
planoldpythontestsuite("fileserver",
"samba.tests.blackbox.smbcacls_propagate_inhertance")
planoldpythontestsuite("fileserver",
"samba.tests.blackbox.smbcacls_save_restore")
planoldpythontestsuite("ad_member",
"samba.tests.blackbox.smbcacls_save_restore",
environ={'USER': '$DC_USERNAME',
'PASSWORD' : '$DC_PASSWORD'}
)
#
# A) Run the smbcacls_propagate_inhertance tests on a msdfs root share
# *without* any nested dfs links
# B) Run the smbcacls_propagate_inhertance tests on a msdfs root share
# *with* a nested dfs link
#
planoldpythontestsuite("fileserver",
"samba.tests.blackbox.smbcacls_dfs_propagate_inherit",
"samba.tests.blackbox.smbcacls_dfs_propagate_inherit(DFS-msdfs-root)",
environ={'SHARE': 'smbcacls_share'})
#
# Want a selection of environments across the process models
#
for env in ["ad_dc_ntvfs:local", "ad_dc:local",
"fl2003dc:local", "fl2008r2dc:local",
"promoted_dc:local"]:
planoldpythontestsuite(env, "samba.tests.blackbox.smbcontrol")
planoldpythontestsuite("none", "samba.tests.blackbox.downgradedatabase")
selftests: Convert "net ads dns async" test to python The current test uses the dig tool from bind9 but this tool has been rewritten in 9.17.7 to use bind's netmgr functions instead of isc_socket (commit 94b7988efb0f9b96415dd2966e6070450d960263). The problem is that these 'netmgr' functions use libuv internally, and, on systems supporting it, they end up using the sendmmsg() syscall which is not catched by socket wrapper so the test fails. This commit converts the test to python and uses the dnspython module instead of the dig tool. Backtraces follow as reference. Backtrace from dig v9.16.28 (working): #0 0x00007ffff778edee in sendmsg () from /lib64/libc.so.6 #1 0x00000000005e5dee in cmsgsend (s=s@entry=12, level=level@entry=0, type=type@entry=1, res=<optimized out>) at net.c:515 #2 0x00000000005e616c in try_dscp_v4 () at net.c:623 #3 try_dscp () at net.c:696 #4 0x00007ffff7708ad7 in __pthread_once_slow () from /lib64/libc.so.6 #5 0x00000000005e66d7 in initialize_dscp () at net.c:702 #6 isc_net_probedscp () at net.c:707 #7 0x00000000005e8460 in socket_create (manager=0x6b49c0, pf=2, type=<optimized out>, socketp=0x7ffff0012b00, dup_socket=0x0) at socket.c:2454 #8 0x000000000043cfcd in send_udp (query=0x7ffff00129a8) at dighost.c:2897 #9 0x000000000043f9c7 in onrun_callback (task=<optimized out>, event=<optimized out>) at dighost.c:4271 #10 0x00000000005dfefe in task_run (task=0x6b5c70) at task.c:851 #11 isc_task_run (task=0x6b5c70) at task.c:944 #12 0x00000000005ca0ce in isc__nm_async_task (worker=0x6b8970, ev0=0x716250) at netmgr.c:873 #13 process_netievent (worker=worker@entry=0x6b8970, ievent=0x716250) at netmgr.c:952 #14 0x00000000005ca2ba in process_queue (worker=worker@entry=0x6b8970, type=type@entry=NETIEVENT_TASK) at netmgr.c:1021 #15 0x00000000005caa43 in process_all_queues (worker=0x6b8970) at netmgr.c:792 #16 async_cb (handle=0x6b8cd0) at netmgr.c:821 #17 0x00007ffff7898a4d in ?? () from /lib64/libuv.so.1 #18 0x00007ffff78b4217 in ?? () from /lib64/libuv.so.1 #19 0x00007ffff789e40a in uv_run () from /lib64/libuv.so.1 #20 0x00000000005ca31e in nm_thread (worker0=0x6b8970) at netmgr.c:727 #21 0x00000000005e2315 in isc__trampoline_run (arg=0x6b7c40) at trampoline.c:198 #22 0x00007ffff7703767 in start_thread () from /lib64/libc.so.6 #23 0x00007ffff778dc10 in clone3 () from /lib64/libc.so.6 Backtrace from dig v9.17.7 (not working): #0 0x00007ffff7684480 in syscall () from /lib64/libc.so.6 #1 0x00007ffff754aed0 in uv__sendmmsg (vlen=0, mmsg=0x0, fd=10) at src/unix/linux-syscalls.c:163 #2 uv__udp_mmsg_init () at src/unix/udp.c:74 #3 0x00007ffff7606ad7 in __pthread_once_slow () from /lib64/libc.so.6 #4 0x00007ffff7541bd9 in uv_once (guard=<optimized out>, callback=<optimized out>) at src/unix/thread.c:440 #5 0x00007ffff7539e9b in uv__udp_sendmsg (handle=0x7ffff50535b8) at src/unix/udp.c:415 #6 uv__udp_send (send_cb=0x7ffff7a41db0 <udp_send_cb>, addrlen=<optimized out>, addr=<optimized out>, nbufs=1, bufs=0x7ffff506c720, handle=0x7ffff50535b8, req=0x7ffff506c878) at src/unix/udp.c:773 #7 uv_udp_send (req=req@entry=0x7ffff506c878, handle=handle@entry=0x7ffff50535b8, bufs=bufs@entry=0x7ffff506c720, nbufs=nbufs@entry=1, addr=<optimized out>, send_cb=send_cb@entry=0x7ffff7a41db0 <udp_send_cb>) at src/uv-common.c:464 #8 0x00007ffff7a42308 in udp_send_direct (peer=0x7ffff5dfa988, req=0x7ffff506c700, sock=0x7ffff5053000) at netmgr/udp.c:839 #9 isc__nm_async_udpsend (worker=<optimized out>, ev0=0x7ffff5dfa950) at netmgr/udp.c:780 #10 0x00007ffff7a47de7 in isc__nm_udp_send (handle=<optimized out>, region=0x7ffff5dfaa90, cb=0x555555566250 <send_done>, cbarg=<optimized out>) at netmgr/udp.c:749 #11 0x0000555555562ac2 in send_udp (query=0x7ffff502a000) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2899 #12 udp_ready (handle=0x7ffff5026180, eresult=ISC_R_SUCCESS, arg=<optimized out>) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2974 #13 0x00007ffff7a37d34 in isc__nm_async_connectcb (worker=worker@entry=0x7ffff622f000, ev0=ev0@entry=0x7ffff5026480) at netmgr/netmgr.c:2704 #14 0x00007ffff7a3ca20 in process_netievent (worker=worker@entry=0x7ffff622f000, ievent=0x7ffff5026480) at netmgr/netmgr.c:940 #15 0x00007ffff7a3d027 in process_queue (worker=worker@entry=0x7ffff622f000, type=type@entry=NETIEVENT_NORMAL) at netmgr/netmgr.c:977 #16 0x00007ffff7a3d203 in process_all_queues (worker=0x7ffff622f000) at netmgr/netmgr.c:733 #17 async_cb (handle=0x7ffff622f360) at netmgr/netmgr.c:762 #18 0x00007ffff7531a4d in uv__async_io (loop=0x7ffff622f010, w=<optimized out>, events=<optimized out>) at src/unix/async.c:163 #19 0x00007ffff754d217 in uv__io_poll (loop=0x7ffff622f010, timeout=<optimized out>) at src/unix/epoll.c:374 #20 0x00007ffff753740a in uv__io_poll (timeout=<optimized out>, loop=0x7ffff622f010) at src/unix/udp.c:122 #21 uv_run (loop=loop@entry=0x7ffff622f010, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:391 #22 0x00007ffff7a3d624 in nm_thread (worker0=0x7ffff622f000) at netmgr/netmgr.c:664 #23 0x00007ffff7a6c915 in isc__trampoline_run (arg=0x555555599210) at /usr/src/debug/bind-9.18.2-1.1.x86_64/lib/isc/trampoline.c:187 #24 0x00007ffff7601767 in start_thread () from /lib64/libc.so.6 #25 0x00007ffff768bc10 in clone3 () from /lib64/libc.so.6 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jun 4 00:27:29 UTC 2022 on sn-devel-184
2022-06-02 18:39:57 +02:00
planpythontestsuite("ad_member:local", "samba.tests.blackbox.netads_dns")
plantestsuite_loadlist("samba4.ldap.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap_modify_order.python(ad_dc_default)",
"ad_dc_default",
[python, os.path.join(samba4srcdir,
"dsdb/tests/python/"
"ldap_modify_order.py"),
# add "-v" here to diagnose
'$SERVER',
'-U"$USERNAME%$PASSWORD"',
'--workgroup=$DOMAIN',
'$LOADLIST',
'$LISTOPT'])
plantestsuite_loadlist("samba4.ldap_modify_order.normal_user.python(ad_dc_default)",
"ad_dc_default",
[python, os.path.join(samba4srcdir,
"dsdb/tests/python/"
"ldap_modify_order.py"),
'--normal-user',
# add "-v" here to diagnose
'$SERVER',
'-U"$USERNAME%$PASSWORD"',
'--workgroup=$DOMAIN',
'$LOADLIST',
'$LISTOPT'])
planoldpythontestsuite("ad_dc",
"samba.tests.ldap_raw",
extra_args=['-U"$USERNAME%$PASSWORD"'],
environ={'TEST_ENV': 'ad_dc'})
plantestsuite_loadlist("samba.tests.ldap_spn", "ad_dc",
[python,
f"{srcdir()}/python/samba/tests/ldap_spn.py",
'$SERVER',
'-U"$USERNAME%$PASSWORD"',
'--workgroup=$DOMAIN',
'$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba.tests.ldap_upn_sam_account", "ad_dc_ntvfs",
[python,
f"{srcdir()}/python/samba/tests/ldap_upn_sam_account.py",
'$SERVER',
'-U"$USERNAME%$PASSWORD"',
'--workgroup=$DOMAIN',
'$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.tokengroups.krb5.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'yes', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.tokengroups.ntlm.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'no', '$LOADLIST', '$LISTOPT'])
plantestsuite("samba4.sam.python(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.sam.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.asq.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "asq.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.user_account_control.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.priv_attrs.python(ad_dc_default)", "ad_dc_default", ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.priv_attrs.strict.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.unicodepwd_encrypted(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "unicodepwd_encrypted.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
for env in ['ad_dc_default:local', 'schema_dc:local']:
planoldpythontestsuite(env, "dsdb_schema_info",
extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
name="samba4.schemaInfo.python(%s)" % (env),
extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"'])
planpythontestsuite(env, "samba.tests.dsdb_schema_attributes")
plantestsuite_loadlist("samba4.urgent_replication.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "urgent_replication.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.dirsync.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "dirsync.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules_remote.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite("samba4.ldap.index.python", "none", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/index.py")])
plantestsuite_loadlist("samba4.ldap.notification.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "notification.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.sites.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sites.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
env = 'vampire_dc'
# Test with LMDB (GSSAPI/SASL bind)
plantestsuite_loadlist("samba4.ldap.large_ldap.gssapi.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=yes', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
env = 'ad_dc_default'
# Test with TDB (NTLMSSP bind)
plantestsuite_loadlist("samba4.ldap.large_ldap.ntlmssp.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=no', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
env = 'ad_dc_ntvfs'
# Test with ldaps://
plantestsuite_loadlist("samba4.ldap.large_ldap.ldaps.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldaps://$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
env = 'fl2008r2dc'
# Test with straight ldap
plantestsuite_loadlist("samba4.ldap.large_ldap.straight_ldap.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldap://$SERVER', '--simple-bind-dn=$USERNAME@$REALM', '--password=$PASSWORD', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
planoldpythontestsuite("ad_dc_default", "sort", environ={'SERVER' : '$SERVER', 'DATA_DIR' : os.path.join(samba4srcdir, 'dsdb/tests/python/testdata/')}, name="samba4.ldap.sort.python", extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc)", "ad_dc:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.subtree_rename.python(ad_dc_ntvfs)",
"ad_dc_ntvfs:local",
[python, os.path.join(samba4srcdir,
"dsdb/tests/python/subtree_rename.py"),
'$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb',
'-U"$USERNAME%$PASSWORD"',
'--workgroup=$DOMAIN',
'$LOADLIST',
'$LISTOPT'])
planoldpythontestsuite(
"ad_dc_ntvfs",
"samba.tests.ldap_referrals",
environ={
'SERVER': '$SERVER',
},
name="samba.ldap.referrals",
extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
# These should be the first tests run against testenvs created by backup/restore
for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
# check that a restored DC matches the original DC (backupfromdc)
plantestsuite("samba4.blackbox.ldapcmp_restore", env,
["PYTHON=%s" % python,
os.path.join(bbdir, "ldapcmp_restoredc.sh"),
'$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env])
# we also test joining backupfromdc here, as it's a bit special in that it
# doesn't have Default-First-Site-Name
for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc',
'labdc']:
# basic test that we can join the testenv DC
plantestsuite("samba4.blackbox.join_ldapcmp", env,
["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
env = 'backupfromdc'
planoldpythontestsuite("%s:local" % env, "samba_tool_drs_no_dns",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.samba_tool_drs_no_dns.python(%s)" % env,
environ={'DC1': '$DC_SERVER', 'DC2': '$DC_SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
plantestsuite_loadlist("samba4.ldap.rodc.python(rodc)", "rodc",
[python,
os.path.join(DSDB_PYTEST_DIR, "rodc.py"),
'$SERVER', '-U"$USERNAME%$PASSWORD"',
'--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.rodc_rwdc.python(rodc)", "rodc:local",
[python,
os.path.join(samba4srcdir,
"dsdb/tests/python/rodc_rwdc.py"),
'$SERVER', '$DC_SERVER', '-U"$USERNAME%$PASSWORD"',
'--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
planoldpythontestsuite("rodc:local", "replica_sync_rodc",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.replica_sync_rodc.python(rodc)",
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite("ad_dc_default_smb1", "password_settings",
extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
name="samba4.ldap.passwordsettings.python",
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
for env in all_fl_envs + ["schema_dc"]:
plantestsuite_loadlist("samba4.ldap_schema.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "ldap_schema.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite("samba4.ldap.possibleInferiors.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/samdb/ldb_modules/tests/possibleinferiors.py"), "ldap://$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN"])
plantestsuite_loadlist("samba4.ldap.secdesc.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "sec_descriptor.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.acl.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.acl_modify.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl_modify.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
for env in all_fl_envs + ["schema_dc", "ad_dc_no_ntlm"]:
if env != "fl2000dc":
# This test makes excessive use of the "userPassword" attribute which
# isn't available on DCs with Windows 2000 domain function level -
# therefore skip it in that configuration
plantestsuite_loadlist("samba4.ldap.passwords.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "passwords.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", '$LOADLIST', '$LISTOPT'])
for env in ["ad_dc_slowtests"]:
# This test takes a lot of time, so we run it against a minimum of
# environments, please only add new ones if there's really a
# difference we need to test
plantestsuite_loadlist("samba4.ldap.vlv.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "vlv.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.confidential_attr.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "confidential_attr.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.password_lockout.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "password_lockout.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM", '$LOADLIST', '$LISTOPT'])
planoldpythontestsuite(env, "tombstone_reanimation",
name="samba4.tombstone_reanimation.python",
environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME', 'TEST_PASSWORD': '$PASSWORD'},
extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')]
)
planoldpythontestsuite(env, "samba.tests.join",
name="samba.tests.join.python(%s)" % env,
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
# this is a basic sanity-check of Kerberos/NTLM user login
for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc", "ad_dc_no_ntlm"]:
plantestsuite_loadlist("samba4.ldap.login_basics.python(%s)" % env, env,
[python, os.path.join(DSDB_PYTEST_DIR, "login_basics.py"),
"$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM",
'$LOADLIST', '$LISTOPT'])
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.upgradeprovisionneeddc")
planpythontestsuite("ad_dc:local", "samba.tests.posixacl")
planpythontestsuite("ad_dc_no_nss:local", "samba.tests.posixacl")
plantestsuite_loadlist("samba4.deletetest.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "deletetest.py"),
'$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.provision_fileperms", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/provision_fileperms.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.supported_features", "none",
["PYTHON=%s" % python,
os.path.join(samba4srcdir,
"setup/tests/blackbox_supported_features.sh"),
'$PREFIX/provision'])
plantestsuite("samba4.blackbox.start_backup", "none",
["PYTHON=%s" % python,
os.path.join(samba4srcdir,
"setup/tests/blackbox_start_backup.sh"),
'$PREFIX/provision'])
plantestsuite("samba4.blackbox.upgradeprovision.current", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_upgradeprovision.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.setpassword.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_setpassword.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.newuser.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_newuser.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.group.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_group.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.spn.py(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_spn.sh"), '$PREFIX/ad_dc_ntvfs'])
plantestsuite_loadlist("samba4.ldap.bind(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(srcdir(), "auth/credentials/tests/bind.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '$LOADLIST', '$LISTOPT'])
# This makes sure we test the rid allocation code
t = "rpc.samr.large-dc"
plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname=("samba4.%s.one" % t))
plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s.two" % t)
# RPC smoke-tests for testenvs of interest (RODC, etc)
for env in ['rodc', 'offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
plansmbtorture4testsuite('rpc.echo', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", r'-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied")
plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', binpath('smbclient')])
planpythontestsuite("rodc:local", "samba.tests.samba_tool.rodc")
plantestsuite("samba.blackbox.rpcclient_samlogon", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
"$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
plantestsuite("samba.blackbox.rpcclient_samlogon_testallowed", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
r"testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
plantestsuite("samba.blackbox.rpcclient_samlogon_testdenied", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
"testdenied", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
# Test renaming the DC
plantestsuite("samba4.blackbox.renamedc.sh", "none", ["PYTHON=%s" % python, os.path.join(bbdir, "renamedc.sh"), '$PREFIX/provision'])
# DRS python tests
# Note that $DC_SERVER is the PDC (e.g. ad_dc_ntvfs) and $SERVER is
# the 2nd DC (e.g. vampire_dc).
env = 'vampire_dc'
planoldpythontestsuite(env, "ridalloc_exop",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.ridalloc_exop.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
# This test can pollute the environment a little by creating and
# deleting DCs which can get into the replication state for a while.
#
# The setting of DC1 to $DC_SERVER means that it will join towards and
# operate on schema_dc. This matters most when running
# test_samba_tool_replicate_local as this sets up a full temp DC and
# does new replication to it, which can show up in the replication
# topology.
#
# That is why this test is run on the isolated environment and not on
# those connected with ad_dc (vampiredc/promoteddc)
#
# The chgdcpass environment is likewise isolated and emulates Samba 4.5
# with regard to GET_ANC
env = 'schema_pair_dc'
planoldpythontestsuite("%s:local" % env, "samba_tool_drs",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.samba_tool_drs.python(%s)" % env,
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
for env in ['chgdcpass', 'schema_pair_dc']:
planoldpythontestsuite("%s:local" % env, "samba_tool_drs_critical",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.samba_tool_drs_critical.python(%s)" % env,
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
env = "schema_pair_dc"
planoldpythontestsuite(env, "getnc_schema",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.getnc_schema.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER',
"PLEASE_BREAK_MY_WINDOWS": "1"},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
# This test can be sensitive to the DC joins and replications done in
# "samba_tool_drs" so it is run against schema_pair_dc/schema_dc
# not the set of environments connected with ad_dc.
# This will show the replication state of ad_dc
env = "schema_pair_dc"
planoldpythontestsuite("%s:local" % env, "samba_tool_drs_showrepl",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.samba_tool_drs_showrepl.python(%s)" % env,
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
for env in ['vampire_dc', 'promoted_dc']:
planoldpythontestsuite("%s:local" % env, "replica_sync",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.replica_sync.python(%s)" % env,
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "delete_object",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.delete_object.python(%s)" % env,
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "fsmo",
name="samba4.drs.fsmo.python(%s)" % env,
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "repl_secdesc",
name="samba4.drs.repl_secdesc.python(%s)" % env,
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "repl_move",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.repl_move.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "getnc_unpriv",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.getnc_unpriv.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "linked_attributes_drs",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.linked_attributes_drs.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "link_conflicts",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.link_conflicts.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
# Environment chgdcpass has the Samba 4.5 GET_ANC behaviour, which we
# set a knownfail to expect
for env in ['vampire_dc', 'promoted_dc', 'chgdcpass']:
planoldpythontestsuite(env, "getnc_exop",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.getnc_exop.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
for env in ['vampire_dc', 'promoted_dc', 'vampire_2000_dc']:
planoldpythontestsuite(env, "repl_schema",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.repl_schema.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
s4:selftest: run wbinfo tests at the end... This avoids flakey crashes in the promoted_dc environment. See the examples below, we had up to 50% of the daily build failing... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> https://git.samba.org/autobuild.flakey/2013-12-23-1942/samba.stdout [1586/1594 in 1h39m20s] samba4.drs.fsmo.python(promoted_dc) Testing for schema role transfer from localdc.samba.example.com to PROMOTEDVDC.samba.example.com FSMO transfer of 'schema' role successful Testing for schema role transfer from PROMOTEDVDC.samba.example.com to localdc.samba.example.com ERROR: Failed to initiate transfer of 'schema' role: LDAP error 52 LDAP_UNAVAILABLE - <Failed FSMO transfer: WERR_DS_DRA_INTERNAL_ERROR> <> UNEXPECTED(failure): samba4.drs.fsmo.python(promoted_dc).fsmo.DrsFsmoTestCase.test_SchemaMasterTransfer(promoted_dc) REASON: _StringException: _StringException: Content-Type: text/x-traceback;charset=utf8,language=python traceback 380 https://git.samba.org/autobuild.flakey/2013-12-24-1546/samba.stdout [1583/1594 in 1h36m4s] samba.tests.blackbox.samba_tool_drs ERROR: Testsuite[samba.tests.blackbox.samba_tool_drs] REASON: unable to set up environment promoted_dc - exiting https://git.samba.org/autobuild.flakey/2013-12-24-1546/samba.stderr Unable to convert 1.2.840.86419.1.5.9939 to an attid, and can_change_pfm=false! Unable to convert governsID on CN=test-class30318,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com to DRS object - WERR_NOT_FOUND ../source4/rpc_server/drsuapi/getncchanges.c:1646: DsGetNCChanges 2nd replication on different DN CN=Configuration,DC=samba,DC=example,DC=com CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com (last_dn CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com) =============================================================== INTERNAL ERROR: Signal 11 in pid 884274 (4.2.0pre1-DEVELOPERBUILD) Please read the Trouble-Shooting section of the Samba HOWTO =============================================================== smb_panic(): calling panic action [/memdisk/autobuild/fl/b302436/samba/selftest/gdb_backtrace 884274] [Thread debugging using libthread_db enabled] 0x00002af6b5c1977e in __libc_waitpid (pid=<value optimized out>, stat_loc=0x7fff67c7709c, options=<value optimized out>) at ../sysdeps/unix/sysv/linux/waitpid.c:32 32 ../sysdeps/unix/sysv/linux/waitpid.c: No such file or directory. in ../sysdeps/unix/sysv/linux/waitpid.c #0 0x00002af6b5c1977e in __libc_waitpid (pid=<value optimized out>, stat_loc=0x7fff67c7709c, options=<value optimized out>) at ../sysdeps/unix/sysv/linux/waitpid.c:32 oldtype = <value optimized out> result = <value optimized out> #1 0x00002af6b5baeb39 in do_system (line=<value optimized out>) at ../sysdeps/posix/system.c:149 __result = -512 _buffer = {__routine = 0x2af6b5baee90 <cancel_handler>, __arg = 0x7fff67c77098, __canceltype = 0, __prev = 0x0} _avail = 1 status = <value optimized out> save = <value optimized out> pid = 886733 sa = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {65536, 0 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x2af6b5b730f0} omask = {__val = {7808, 4294967295, 140734934511616, 1, 2195512, 0, 0, 0, 47239032274944, 47239027992529, 140733193388033, 0, 0, 47239099003120, 140734934511792, 47239558787328}} #2 0x00002af6b311821f in smb_panic_default ( why=0x2af6b312a875 "internal error") at ../lib/util/fault.c:134 result = 32767 pidstr = "884274\000\000\001\375\376\320\366*\000\000\260\377\377\377" cmdstring = "/memdisk/autobuild/fl/b302436/samba/selftest/gdb_backtrace 884274\000\307g\377\177\000\000\001\000\000\000\000\000\000\000\320\301#", '\000' <repeats 30 times>"\240, \017\263\366*\000\000\321\247{\261\366*\000\000\001\000\000\000\005", '\000' <repeats 11 times>"\260, \016\v\321\366*\000\000X\351\017\263\366*\000\000\260q\307g\377\177\000\000\000\361\036\321\366*\000\000\020r\307g\377\177\000\000\240\301z\326\366*\000\000\000Z\304\320\366*\000" __FUNCTION__ = "smb_panic_default" #3 0x00002af6b31183b5 in smb_panic (why=0x2af6b312a875 "internal error") at ../lib/util/fault.c:162 No locals. #4 0x00002af6b311809f in fault_report (sig=11) at ../lib/util/fault.c:77 counter = 1 __FUNCTION__ = "fault_report" #5 0x00002af6b31180b4 in sig_fault (sig=11) at ../lib/util/fault.c:88 No locals. #6 <signal handler called> No symbol table info available. #7 0x00002af6cabef930 in replmd_check_urgent_objectclass ( objectclass_el=0x0, situation=REPL_URGENT_ON_UPDATE) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:205 i = 2 j = 0 #8 0x00002af6cabf29b6 in replmd_update_rpmd (module=0x2af6b17f2c20, schema=0x2af6d05e5570, req=0x2af6d05e8ad0, rename_attrs=0x0, msg=0x2af6d11ef100, seq_num=0x2af6d0c315b8, t=1387895162, is_urgent=0x7fff67c778bf, rodc=0x7fff67c778be) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1432 omd_value = 0x7fff67c77810 ndr_err = 3508465920 omd = {version = 1741125552, reserved = 32767, ctr = {ctr1 = { count = 3008684740, reserved = 10998, array = 0x7fff67c777b0}}} i = 10998 now = 130323687620000000 our_invocation_id = 0x2af6d1796390 ret = 0 attrs = 0x7fff67c77750 attrs1 = {0x2af6cabff775 "replPropertyMetaData", 0x2af6cabffc8b "*", 0x0} attrs2 = {0x2af6cabff76a "uSNChanged", 0x2af6cabffa98 "objectClass", 0x2af6cabffc8d "instanceType", 0x0} res = 0x2af6d10b0eb0 ldb = 0x2af6b17f2470 objectclass_el = 0x0 situation = REPL_URGENT_ON_UPDATE rmd_is_provided = false __FUNCTION__ = "replmd_update_rpmd" #9 0x00002af6cabf5a06 in replmd_modify (module=0x2af6b17f2c20, req=0x2af6d05e8ad0) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:2455 msds_intid_struct = 0x2af6d05e8ad0 ldb = 0x2af6b17f2470 ac = 0x2af6d0c31580 down_req = 0x2af6d0e6a100 msg = 0x2af6d11ef100 t = 1387895162 ret = 1741125936 is_urgent = false rodc = false functional_level = 3 guid_blob = 0x0 sd_propagation_control = 0x0 #10 0x00002af6bf69f94d in dsdb_module_modify (module=0x2af6b17f2c20, message=0x2af6d1183fe0, dsdb_flags=4194304, parent=0x2af6ce6ea980) at ../source4/dsdb/samdb/ldb_modules/util.c:460 ops = 0x2af6cae06b40 mod_req = 0x2af6d05e8ad0 ret = 0 ldb = 0x2af6b17f2470 tmp_ctx = 0x2af6d0ed62f0 res = 0x2af6d0e6a100 __FUNCTION__ = "dsdb_module_modify" #11 0x00002af6cabf7ebc in replmd_delete_internals (module=0x2af6b17f2c20, req=0x2af6ce6ea980, re_delete=true) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3309 ret = 0 retb = true disallow_move_on_delete = false old_dn = 0x2af6d6a2a010 new_dn = 0x2af6d0794a90 rdn_name = 0x2af6d0885c10 "CN" rdn_value = 0x2af6d10d7368 new_rdn_value = 0x2af6d0c45a00 guid = {time_low = 48, time_mid = 0, time_hi_and_version = 0, clock_seq = "\200\251", node = "n\316\366*\000"} ldb = 0x2af6b17f2470 schema = 0x2af6d05e5570 msg = 0x2af6d1183fe0 old_msg = 0x2af6d1902800 el = 0x2af6d0874900 tmp_ctx = 0x2af6d0b77560 res = 0x2af6d0d57980 parent_res = 0x30 preserved_attrs = {0x2af6cac00fe1 "nTSecurityDescriptor", 0x2af6cac055c3 "attributeID", 0x2af6cac055cf "attributeSyntax", 0x2af6cac055df "dNReferenceUpdate", 0x2af6cac055f1 "dNSHostName", 0x2af6cac055fd "flatName", 0x2af6cac05606 "governsID", 0x2af6cac05610 "groupType", 0x2af6cabffc8d "instanceType", 0x2af6cac0561a "lDAPDisplayName", 0x2af6cac0562a "legacyExchangeDN", 0x2af6cabfe94d "isDeleted", 0x2af6cabfe957 "isRecycled", 0x2af6cac020f8 "lastKnownParent", 0x2af6cac021e8 "msDS-LastKnownRDN", 0x2af6cac0563b "mS-DS-CreatorSID", 0x2af6cac0564c "mSMQOwnerID", 0x2af6cac05658 "nCName", 0x2af6cabffa98 "objectClass", 0x2af6cac0565f "distinguishedName", 0x2af6cabff5b5 "objectGUID", 0x2af6cac05671 "objectSid", 0x2af6cac0567b "oMSyntax", 0x2af6cac05684 "proxiedObjectName", 0x2af6cac014d8 "name", 0x2af6cabff775 "replPropertyMetaData", 0x2af6cac05696 "sAMAccountName", 0x2af6cac056a5 "securityIdentifier", 0x2af6cac056b8 "sIDHistory", 0x2af6cac056c3 "subClassOf", 0x2af6cac01ba8 "systemFlags", 0x2af6cac056ce "trustPartner", 0x2af6cac056db "trustDirection", 0x2af6cac056ea "trustType", 0x2af6cac056f4 "trustAttributes", 0x2af6cabfe9b8 "userAccountControl", 0x2af6cabff76a "uSNChanged", 0x2af6cabff75f "uSNCreated", 0x2af6cabff747 "whenCreated", 0x2af6cabff753 "whenChanged", 0x0} i = 12 el_count = 1 deletion_state = OBJECT_TOMBSTONE next_deletion_state = OBJECT_TOMBSTONE __FUNCTION__ = "replmd_delete_internals" #12 0x00002af6cabfbbe3 in replmd_replicated_apply_isDeleted ( ar=0x2af6d74c0b40) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:4718 del_req = 0x2af6ce6ea980 res = 0x2af6d0cdebf0 tmp_ctx = 0x2af6d0949230 deleted_objects_dn = 0x2af6d1a49f00 msg = 0x2af6d0a39620 ret = 0 #13 0x00002af6cabf0766 in replmd_op_callback (req=0x2af6d05a21e0, ares=0x2af6d0d715c0) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:526 ret = 10998 ac = 0x2af6d74c0b40 replmd_private = 0x2af6b188c7c0 modified_partition = 0x2af6d141b670 partition_ctrl = 0x2af6d1905f40 partition = 0x2af6ce6bdbe0 controls = 0x0 __FUNCTION__ = "replmd_op_callback" #14 0x00002af6b1df7ca2 in ldb_module_done (req=0x2af6d05a21e0, ctrls=0x2af6d1629aa0, response=0x0, error=0) at ../lib/ldb/common/ldb_modules.c:832 ares = 0x2af6d0d715c0 #15 0x00002af6cabf896b in replmd_op_possible_conflict_callback ( req=0x2af6d05a21e0, ares=0x2af6b1883eb0, callback=0x2af6cabf0334 <replmd_op_callback>) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3606 conflict_dn = 0x2af6cac03470 ar = 0x2af6d74c0b40 res = 0x2af6b354f89b attrs = {0x2af6cabff775 "replPropertyMetaData", 0x2af6cabff5b5 "objectGUID", 0x0} ret = -682882240 omd_value = 0x7fff67c77e20 omd = {version = 1741127104, reserved = 32767, ctr = {ctr1 = { count = 0, reserved = 0, array = 0x28}}} rmd = 0x2af6d74c0ae0 ndr_err = 10998 rename_incoming_record = false rodc = false rmd_name = 0x7fff67c77e10 omd_name = 0x2af6d74c0b40 msg = 0x2af6b1883e50 __FUNCTION__ = "replmd_op_possible_conflict_callback" #16 0x00002af6cabf93fb in replmd_op_add_callback (req=0x2af6d05a21e0, ares=0x2af6b1883eb0) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3802 ar = 0x2af6d74c0b40 #17 0x00002af6b1df7ca2 in ldb_module_done (req=0x2af6d05a21e0, ctrls=0x2af6d1629aa0, response=0x0, error=0) at ../lib/ldb/common/ldb_modules.c:832 ares = 0x2af6b1883eb0 #18 0x00002af6ca3c8b6a in partition_req_callback (req=0x2af6d087a1e0, ares=0x2af6d05a1fa0) at ../source4/dsdb/samdb/ldb_modules/partition.c:213 ac = 0x2af6d0949370 module = 0x2af6cd27bf12 nreq = 0x2af6d05b67b0 ret = 0 partition_ctrl = 0x2af6d0d71740 #19 0x00002af6cd2752ab in ltdb_request_done (ctx=0x2af6d1cd7ed0, error=0) at ../lib/ldb/ldb_tdb/ldb_tdb.c:1280 ldb = 0x2af6b17f2470 req = 0x2af6d087a1e0 ares = 0x2af6d05a1fa0 #20 0x00002af6cd275597 in ltdb_callback (ev=0x2af6b17ef8c0, te=0x2af6d17f75d0, t=..., private_data=0x2af6d1cd7ed0) at ../lib/ldb/ldb_tdb/ldb_tdb.c:1390 ctx = 0x2af6d1cd7ed0 ret = 0 #21 0x00002af6b3343259 in tevent_common_loop_timer_delay (ev=0x2af6b17ef8c0) at ../lib/tevent/tevent_timed.c:341 current_time = {tv_sec = 0, tv_usec = 0} te = 0x2af6d17f75d0 #22 0x00002af6b334558a in epoll_event_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") at ../lib/tevent/tevent_epoll.c:912 epoll_ev = 0x2af6b17efb00 tval = {tv_sec = 47239056876603, tv_usec = 47239028210096} panic_triggered = false #23 0x00002af6b3342363 in std_event_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") at ../lib/tevent/tevent_standard.c:112 glue_ptr = 0x2af6b17ef9b0 glue = 0x2af6b17ef9b0 ret = 10998 #24 0x00002af6b333c799 in _tevent_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") at ../lib/tevent/tevent.c:530 ret = 0 nesting_stack_ptr = 0x0 #25 0x00002af6b1e154c4 in ldb_wait (handle=0x2af6d67624c0, type=LDB_WAIT_ALL) at ../lib/ldb/common/ldb.c:621 ev = 0x2af6b17ef8c0 ret = 0 #26 0x00002af6b1e1786b in ldb_extended (ldb=0x2af6b17f2470, oid=0x2af6b4c4f9ce "1.3.6.1.4.1.7165.4.4.1", data=0x2af6d0e2bc60, _res=0x7fff67c78240) at ../lib/ldb/common/ldb.c:1506 req = 0x2af6d0c45a00 ret = 0 res = 0x2af6d69238f0 #27 0x00002af6b4c4a0d6 in dsdb_replicated_objects_commit (ldb=0x2af6b17f2470, working_schema=0x0, objects=0x2af6d0e2bc60, notify_uSN=0x2af6d14a65f0) at ../source4/dsdb/repl/replicated_objects.c:773 werr = {w = 0} ext_res = 0x0 cur_schema = 0x0 new_schema = 0x0 ret = 0 seq_num1 = 5554 seq_num2 = 47239626746464 used_global_schema = false tmp_ctx = 0x2af6d03c5860 __FUNCTION__ = "dsdb_replicated_objects_commit" #28 0x00002af6c1c6babb in dreplsrv_op_pull_source_apply_changes_trigger ( req=0x2af6d17daed0, r=0x2af6d17db0d0, ctr_level=6, ctr1=0x0, ctr6=0x2af6d1b02bb0) at ../source4/dsdb/repl/drepl_out_helpers.c:717 state = 0x2af6d17db050 rf1 = {blobsize = 274, consecutive_sync_failures = 0, last_success = 130323684670000000, last_attempt = 130323687610000000, result_last_attempt = {w = 0}, other_info = 0x2af6d0949910, other_info_length = 66, replica_flags = 112, schedule = '\021' <repeats 84 times>, reserved = 0, highwatermark = {tmp_highest_usn = 12398, reserved_usn = 0, highest_usn = 12398}, source_dsa_obj_guid = { time_low = 984092159, time_mid = 850, time_hi_and_version = 18870, clock_seq = "\251X", node = "UF\324\223\205\241"}, source_dsa_invocation_id = { time_low = 1460694408, time_mid = 52035, time_hi_and_version = 18738, clock_seq = "\204}", node = "\264\365\276\372\256\303"}, transport_guid = { time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}} service = 0x2af6d0ff6b00 partition = 0x2af6d0b6f220 drsuapi = 0x2af6d1c8d480 schema = 0x2af6d05e5570 working_schema = 0x0 mapping_ctr = 0x2af6d1b02c10 object_count = 50 first_object = 0x2af6d0571800 linked_attributes_count = 0 linked_attributes = 0x2af6d5212140 uptodateness_vector = 0x2af6d1a741c0 objects = 0x2af6d0e2bc60 more_data = false status = {w = 0} nt_status = {v = 3006553120} dsdb_repl_flags = 0 __FUNCTION__ = "dreplsrv_op_pull_source_apply_changes_trigger" #29 0x00002af6c1c6b3e7 in dreplsrv_op_pull_source_get_changes_done ( subreq=0x0) at ../source4/dsdb/repl/drepl_out_helpers.c:599 req = 0x2af6d17daed0 state = 0x2af6d17db050 status = {v = 0} r = 0x2af6d17db0d0 ctr_level = 6 ctr1 = 0x0 ctr6 = 0x2af6d1b02bb0 extended_ret = DRSUAPI_EXOP_ERR_NONE #30 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=0x2af6d1a73f70, location=0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_c.c:712") at ../lib/tevent/tevent_req.c:102 No locals. #31 0x00002af6b333e34d in tevent_req_finish (req=0x2af6d1a73f70, state=TEVENT_REQ_DONE, location=0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_c.c:712") at ../lib/tevent/tevent_req.c:117 No locals. #32 0x00002af6b333e374 in _tevent_req_done (req=0x2af6d1a73f70, location=0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_c.c:712") at ../lib/tevent/tevent_req.c:123 No locals. #33 0x00002af6c1c708df in dcerpc_drsuapi_DsGetNCChanges_r_done ( subreq=0x2af6d122f4c0) at default/librpc/gen_ndr/ndr_drsuapi_c.c:712 req = 0x2af6d1a73f70 status = {v = 0} #34 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=0x2af6d122f4c0, location=0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") at ../lib/tevent/tevent_req.c:102 No locals. #35 0x00002af6b333e34d in tevent_req_finish (req=0x2af6d122f4c0, state=TEVENT_REQ_DONE, location=0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") at ../lib/tevent/tevent_req.c:117 No locals. #36 0x00002af6b333e374 in _tevent_req_done (req=0x2af6d122f4c0, location=0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") at ../lib/tevent/tevent_req.c:123 No locals. #37 0x00002af6b5757ede in dcerpc_binding_handle_call_done (subreq=0x0) at ../librpc/rpc/binding_handle.c:517 req = 0x2af6d122f4c0 state = 0x2af6d122f640 h = 0x2af6d0959d10 error = {v = 0} out_flags = 0 ndr_err = NDR_ERR_SUCCESS #38 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=0x2af6d522f7a0, location=0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") at ../lib/tevent/tevent_req.c:102 No locals. #39 0x00002af6b333e34d in tevent_req_finish (req=0x2af6d522f7a0, state=TEVENT_REQ_DONE, location=0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") at ../lib/tevent/tevent_req.c:117 No locals. #40 0x00002af6b333e374 in _tevent_req_done (req=0x2af6d522f7a0, location=0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") at ../lib/tevent/tevent_req.c:123 No locals. #41 0x00002af6b5757398 in dcerpc_binding_handle_raw_call_done (subreq=0x0) at ../librpc/rpc/binding_handle.c:188 req = 0x2af6d522f7a0 state = 0x2af6d522f920 error = {v = 0} #42 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=0x2af6d0712430, location=0x2af6b44b8810 "../source4/librpc/rpc/dcerpc.c:322") at ../lib/tevent/tevent_req.c:102 No locals. #43 0x00002af6b333e34d in tevent_req_finish (req=0x2af6d0712430, state=TEVENT_REQ_DONE, location=0x2af6b44b8810 "../source4/librpc/rpc/dcerpc.c:322") at ../lib/tevent/tevent_req.c:117 No locals. #44 0x00002af6b333e472 in tevent_req_trigger (ev=0x2af6b17ef8c0, im=0x2af6d0712500, private_data=0x2af6d0712430) at ../lib/tevent/tevent_req.c:174 req = 0x2af6d0712430 #45 0x00002af6b333d6d4 in tevent_common_loop_immediate (ev=0x2af6b17ef8c0) at ../lib/tevent/tevent_immediate.c:135 im = 0x2af6d0712500 handler = 0x2af6b333e423 <tevent_req_trigger> private_data = 0x2af6d0712430 #46 0x00002af6b3345570 in epoll_event_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent_epoll.c:907 epoll_ev = 0x2af6b17efb00 tval = {tv_sec = 47239056876603, tv_usec = 47239028210096} panic_triggered = false #47 0x00002af6b3342363 in std_event_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent_standard.c:112 glue_ptr = 0x2af6b17ef9b0 glue = 0x2af6b17ef9b0 ret = 10998 #48 0x00002af6b333c799 in _tevent_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent.c:530 ret = 0 nesting_stack_ptr = 0x0 #49 0x00002af6b333ca11 in tevent_common_loop_wait (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent.c:634 ret = 0 #50 0x00002af6b3342405 in std_event_loop_wait (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent_standard.c:138 glue_ptr = 0x2af6b17ef9b0 glue = 0x2af6b17ef9b0 ret = 10998 #51 0x00002af6b333cadc in _tevent_loop_wait (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent.c:653 No locals. #52 0x00002af6b15a37bc in binary_smbd_main ( binary_name=0x2af6b15a737b "samba", argc=6, argv=0x7fff67c78de8) at ../source4/smbd/server.c:503 opt_daemon = false opt_interactive = true opt = -1 pc = 0x2af6b17d5040 static_init = {0x2af6b2ac7d8c <server_service_auth_init>, 0x2af6b2aca9e7 <server_service_echo_init>, 0} shared_init = 0x2af6b18143b0 event_ctx = 0x2af6b17ef8c0 stdin_event_flags = 1 status = {v = 0} model = 0x2af6b17d5b90 "single" max_runtime = 7500 Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jan 6 01:16:13 CET 2014 on sn-devel-104
2014-01-03 12:56:38 +01:00
# A side-effect of the getncchanges tests is that they will create hundreds of
# tombstone objects, so run them last to avoid interfering with (and slowing
# down) the other DRS tests
for env in ['vampire_dc', 'promoted_dc']:
planoldpythontestsuite(env, "getncchanges",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.getncchanges.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
for env in ['ad_dc_ntvfs']:
planoldpythontestsuite(env, "repl_rodc",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.repl_rodc.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "cracknames",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.cracknames.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite("chgdcpass:local", "samba.tests.blackbox.samba_dnsupdate",
environ={'DNS_SERVER_IP': '$SERVER_IP'})
for env in ["s4member", "rodc", "promoted_dc", "ad_dc", "ad_member"]:
plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env])
s4:selftest: run wbinfo tests at the end... This avoids flakey crashes in the promoted_dc environment. See the examples below, we had up to 50% of the daily build failing... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> https://git.samba.org/autobuild.flakey/2013-12-23-1942/samba.stdout [1586/1594 in 1h39m20s] samba4.drs.fsmo.python(promoted_dc) Testing for schema role transfer from localdc.samba.example.com to PROMOTEDVDC.samba.example.com FSMO transfer of 'schema' role successful Testing for schema role transfer from PROMOTEDVDC.samba.example.com to localdc.samba.example.com ERROR: Failed to initiate transfer of 'schema' role: LDAP error 52 LDAP_UNAVAILABLE - <Failed FSMO transfer: WERR_DS_DRA_INTERNAL_ERROR> <> UNEXPECTED(failure): samba4.drs.fsmo.python(promoted_dc).fsmo.DrsFsmoTestCase.test_SchemaMasterTransfer(promoted_dc) REASON: _StringException: _StringException: Content-Type: text/x-traceback;charset=utf8,language=python traceback 380 https://git.samba.org/autobuild.flakey/2013-12-24-1546/samba.stdout [1583/1594 in 1h36m4s] samba.tests.blackbox.samba_tool_drs ERROR: Testsuite[samba.tests.blackbox.samba_tool_drs] REASON: unable to set up environment promoted_dc - exiting https://git.samba.org/autobuild.flakey/2013-12-24-1546/samba.stderr Unable to convert 1.2.840.86419.1.5.9939 to an attid, and can_change_pfm=false! Unable to convert governsID on CN=test-class30318,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com to DRS object - WERR_NOT_FOUND ../source4/rpc_server/drsuapi/getncchanges.c:1646: DsGetNCChanges 2nd replication on different DN CN=Configuration,DC=samba,DC=example,DC=com CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com (last_dn CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com) =============================================================== INTERNAL ERROR: Signal 11 in pid 884274 (4.2.0pre1-DEVELOPERBUILD) Please read the Trouble-Shooting section of the Samba HOWTO =============================================================== smb_panic(): calling panic action [/memdisk/autobuild/fl/b302436/samba/selftest/gdb_backtrace 884274] [Thread debugging using libthread_db enabled] 0x00002af6b5c1977e in __libc_waitpid (pid=<value optimized out>, stat_loc=0x7fff67c7709c, options=<value optimized out>) at ../sysdeps/unix/sysv/linux/waitpid.c:32 32 ../sysdeps/unix/sysv/linux/waitpid.c: No such file or directory. in ../sysdeps/unix/sysv/linux/waitpid.c #0 0x00002af6b5c1977e in __libc_waitpid (pid=<value optimized out>, stat_loc=0x7fff67c7709c, options=<value optimized out>) at ../sysdeps/unix/sysv/linux/waitpid.c:32 oldtype = <value optimized out> result = <value optimized out> #1 0x00002af6b5baeb39 in do_system (line=<value optimized out>) at ../sysdeps/posix/system.c:149 __result = -512 _buffer = {__routine = 0x2af6b5baee90 <cancel_handler>, __arg = 0x7fff67c77098, __canceltype = 0, __prev = 0x0} _avail = 1 status = <value optimized out> save = <value optimized out> pid = 886733 sa = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {65536, 0 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x2af6b5b730f0} omask = {__val = {7808, 4294967295, 140734934511616, 1, 2195512, 0, 0, 0, 47239032274944, 47239027992529, 140733193388033, 0, 0, 47239099003120, 140734934511792, 47239558787328}} #2 0x00002af6b311821f in smb_panic_default ( why=0x2af6b312a875 "internal error") at ../lib/util/fault.c:134 result = 32767 pidstr = "884274\000\000\001\375\376\320\366*\000\000\260\377\377\377" cmdstring = "/memdisk/autobuild/fl/b302436/samba/selftest/gdb_backtrace 884274\000\307g\377\177\000\000\001\000\000\000\000\000\000\000\320\301#", '\000' <repeats 30 times>"\240, \017\263\366*\000\000\321\247{\261\366*\000\000\001\000\000\000\005", '\000' <repeats 11 times>"\260, \016\v\321\366*\000\000X\351\017\263\366*\000\000\260q\307g\377\177\000\000\000\361\036\321\366*\000\000\020r\307g\377\177\000\000\240\301z\326\366*\000\000\000Z\304\320\366*\000" __FUNCTION__ = "smb_panic_default" #3 0x00002af6b31183b5 in smb_panic (why=0x2af6b312a875 "internal error") at ../lib/util/fault.c:162 No locals. #4 0x00002af6b311809f in fault_report (sig=11) at ../lib/util/fault.c:77 counter = 1 __FUNCTION__ = "fault_report" #5 0x00002af6b31180b4 in sig_fault (sig=11) at ../lib/util/fault.c:88 No locals. #6 <signal handler called> No symbol table info available. #7 0x00002af6cabef930 in replmd_check_urgent_objectclass ( objectclass_el=0x0, situation=REPL_URGENT_ON_UPDATE) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:205 i = 2 j = 0 #8 0x00002af6cabf29b6 in replmd_update_rpmd (module=0x2af6b17f2c20, schema=0x2af6d05e5570, req=0x2af6d05e8ad0, rename_attrs=0x0, msg=0x2af6d11ef100, seq_num=0x2af6d0c315b8, t=1387895162, is_urgent=0x7fff67c778bf, rodc=0x7fff67c778be) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1432 omd_value = 0x7fff67c77810 ndr_err = 3508465920 omd = {version = 1741125552, reserved = 32767, ctr = {ctr1 = { count = 3008684740, reserved = 10998, array = 0x7fff67c777b0}}} i = 10998 now = 130323687620000000 our_invocation_id = 0x2af6d1796390 ret = 0 attrs = 0x7fff67c77750 attrs1 = {0x2af6cabff775 "replPropertyMetaData", 0x2af6cabffc8b "*", 0x0} attrs2 = {0x2af6cabff76a "uSNChanged", 0x2af6cabffa98 "objectClass", 0x2af6cabffc8d "instanceType", 0x0} res = 0x2af6d10b0eb0 ldb = 0x2af6b17f2470 objectclass_el = 0x0 situation = REPL_URGENT_ON_UPDATE rmd_is_provided = false __FUNCTION__ = "replmd_update_rpmd" #9 0x00002af6cabf5a06 in replmd_modify (module=0x2af6b17f2c20, req=0x2af6d05e8ad0) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:2455 msds_intid_struct = 0x2af6d05e8ad0 ldb = 0x2af6b17f2470 ac = 0x2af6d0c31580 down_req = 0x2af6d0e6a100 msg = 0x2af6d11ef100 t = 1387895162 ret = 1741125936 is_urgent = false rodc = false functional_level = 3 guid_blob = 0x0 sd_propagation_control = 0x0 #10 0x00002af6bf69f94d in dsdb_module_modify (module=0x2af6b17f2c20, message=0x2af6d1183fe0, dsdb_flags=4194304, parent=0x2af6ce6ea980) at ../source4/dsdb/samdb/ldb_modules/util.c:460 ops = 0x2af6cae06b40 mod_req = 0x2af6d05e8ad0 ret = 0 ldb = 0x2af6b17f2470 tmp_ctx = 0x2af6d0ed62f0 res = 0x2af6d0e6a100 __FUNCTION__ = "dsdb_module_modify" #11 0x00002af6cabf7ebc in replmd_delete_internals (module=0x2af6b17f2c20, req=0x2af6ce6ea980, re_delete=true) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3309 ret = 0 retb = true disallow_move_on_delete = false old_dn = 0x2af6d6a2a010 new_dn = 0x2af6d0794a90 rdn_name = 0x2af6d0885c10 "CN" rdn_value = 0x2af6d10d7368 new_rdn_value = 0x2af6d0c45a00 guid = {time_low = 48, time_mid = 0, time_hi_and_version = 0, clock_seq = "\200\251", node = "n\316\366*\000"} ldb = 0x2af6b17f2470 schema = 0x2af6d05e5570 msg = 0x2af6d1183fe0 old_msg = 0x2af6d1902800 el = 0x2af6d0874900 tmp_ctx = 0x2af6d0b77560 res = 0x2af6d0d57980 parent_res = 0x30 preserved_attrs = {0x2af6cac00fe1 "nTSecurityDescriptor", 0x2af6cac055c3 "attributeID", 0x2af6cac055cf "attributeSyntax", 0x2af6cac055df "dNReferenceUpdate", 0x2af6cac055f1 "dNSHostName", 0x2af6cac055fd "flatName", 0x2af6cac05606 "governsID", 0x2af6cac05610 "groupType", 0x2af6cabffc8d "instanceType", 0x2af6cac0561a "lDAPDisplayName", 0x2af6cac0562a "legacyExchangeDN", 0x2af6cabfe94d "isDeleted", 0x2af6cabfe957 "isRecycled", 0x2af6cac020f8 "lastKnownParent", 0x2af6cac021e8 "msDS-LastKnownRDN", 0x2af6cac0563b "mS-DS-CreatorSID", 0x2af6cac0564c "mSMQOwnerID", 0x2af6cac05658 "nCName", 0x2af6cabffa98 "objectClass", 0x2af6cac0565f "distinguishedName", 0x2af6cabff5b5 "objectGUID", 0x2af6cac05671 "objectSid", 0x2af6cac0567b "oMSyntax", 0x2af6cac05684 "proxiedObjectName", 0x2af6cac014d8 "name", 0x2af6cabff775 "replPropertyMetaData", 0x2af6cac05696 "sAMAccountName", 0x2af6cac056a5 "securityIdentifier", 0x2af6cac056b8 "sIDHistory", 0x2af6cac056c3 "subClassOf", 0x2af6cac01ba8 "systemFlags", 0x2af6cac056ce "trustPartner", 0x2af6cac056db "trustDirection", 0x2af6cac056ea "trustType", 0x2af6cac056f4 "trustAttributes", 0x2af6cabfe9b8 "userAccountControl", 0x2af6cabff76a "uSNChanged", 0x2af6cabff75f "uSNCreated", 0x2af6cabff747 "whenCreated", 0x2af6cabff753 "whenChanged", 0x0} i = 12 el_count = 1 deletion_state = OBJECT_TOMBSTONE next_deletion_state = OBJECT_TOMBSTONE __FUNCTION__ = "replmd_delete_internals" #12 0x00002af6cabfbbe3 in replmd_replicated_apply_isDeleted ( ar=0x2af6d74c0b40) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:4718 del_req = 0x2af6ce6ea980 res = 0x2af6d0cdebf0 tmp_ctx = 0x2af6d0949230 deleted_objects_dn = 0x2af6d1a49f00 msg = 0x2af6d0a39620 ret = 0 #13 0x00002af6cabf0766 in replmd_op_callback (req=0x2af6d05a21e0, ares=0x2af6d0d715c0) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:526 ret = 10998 ac = 0x2af6d74c0b40 replmd_private = 0x2af6b188c7c0 modified_partition = 0x2af6d141b670 partition_ctrl = 0x2af6d1905f40 partition = 0x2af6ce6bdbe0 controls = 0x0 __FUNCTION__ = "replmd_op_callback" #14 0x00002af6b1df7ca2 in ldb_module_done (req=0x2af6d05a21e0, ctrls=0x2af6d1629aa0, response=0x0, error=0) at ../lib/ldb/common/ldb_modules.c:832 ares = 0x2af6d0d715c0 #15 0x00002af6cabf896b in replmd_op_possible_conflict_callback ( req=0x2af6d05a21e0, ares=0x2af6b1883eb0, callback=0x2af6cabf0334 <replmd_op_callback>) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3606 conflict_dn = 0x2af6cac03470 ar = 0x2af6d74c0b40 res = 0x2af6b354f89b attrs = {0x2af6cabff775 "replPropertyMetaData", 0x2af6cabff5b5 "objectGUID", 0x0} ret = -682882240 omd_value = 0x7fff67c77e20 omd = {version = 1741127104, reserved = 32767, ctr = {ctr1 = { count = 0, reserved = 0, array = 0x28}}} rmd = 0x2af6d74c0ae0 ndr_err = 10998 rename_incoming_record = false rodc = false rmd_name = 0x7fff67c77e10 omd_name = 0x2af6d74c0b40 msg = 0x2af6b1883e50 __FUNCTION__ = "replmd_op_possible_conflict_callback" #16 0x00002af6cabf93fb in replmd_op_add_callback (req=0x2af6d05a21e0, ares=0x2af6b1883eb0) at ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3802 ar = 0x2af6d74c0b40 #17 0x00002af6b1df7ca2 in ldb_module_done (req=0x2af6d05a21e0, ctrls=0x2af6d1629aa0, response=0x0, error=0) at ../lib/ldb/common/ldb_modules.c:832 ares = 0x2af6b1883eb0 #18 0x00002af6ca3c8b6a in partition_req_callback (req=0x2af6d087a1e0, ares=0x2af6d05a1fa0) at ../source4/dsdb/samdb/ldb_modules/partition.c:213 ac = 0x2af6d0949370 module = 0x2af6cd27bf12 nreq = 0x2af6d05b67b0 ret = 0 partition_ctrl = 0x2af6d0d71740 #19 0x00002af6cd2752ab in ltdb_request_done (ctx=0x2af6d1cd7ed0, error=0) at ../lib/ldb/ldb_tdb/ldb_tdb.c:1280 ldb = 0x2af6b17f2470 req = 0x2af6d087a1e0 ares = 0x2af6d05a1fa0 #20 0x00002af6cd275597 in ltdb_callback (ev=0x2af6b17ef8c0, te=0x2af6d17f75d0, t=..., private_data=0x2af6d1cd7ed0) at ../lib/ldb/ldb_tdb/ldb_tdb.c:1390 ctx = 0x2af6d1cd7ed0 ret = 0 #21 0x00002af6b3343259 in tevent_common_loop_timer_delay (ev=0x2af6b17ef8c0) at ../lib/tevent/tevent_timed.c:341 current_time = {tv_sec = 0, tv_usec = 0} te = 0x2af6d17f75d0 #22 0x00002af6b334558a in epoll_event_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") at ../lib/tevent/tevent_epoll.c:912 epoll_ev = 0x2af6b17efb00 tval = {tv_sec = 47239056876603, tv_usec = 47239028210096} panic_triggered = false #23 0x00002af6b3342363 in std_event_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") at ../lib/tevent/tevent_standard.c:112 glue_ptr = 0x2af6b17ef9b0 glue = 0x2af6b17ef9b0 ret = 10998 #24 0x00002af6b333c799 in _tevent_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b1e1eef8 "../lib/ldb/common/ldb.c:621") at ../lib/tevent/tevent.c:530 ret = 0 nesting_stack_ptr = 0x0 #25 0x00002af6b1e154c4 in ldb_wait (handle=0x2af6d67624c0, type=LDB_WAIT_ALL) at ../lib/ldb/common/ldb.c:621 ev = 0x2af6b17ef8c0 ret = 0 #26 0x00002af6b1e1786b in ldb_extended (ldb=0x2af6b17f2470, oid=0x2af6b4c4f9ce "1.3.6.1.4.1.7165.4.4.1", data=0x2af6d0e2bc60, _res=0x7fff67c78240) at ../lib/ldb/common/ldb.c:1506 req = 0x2af6d0c45a00 ret = 0 res = 0x2af6d69238f0 #27 0x00002af6b4c4a0d6 in dsdb_replicated_objects_commit (ldb=0x2af6b17f2470, working_schema=0x0, objects=0x2af6d0e2bc60, notify_uSN=0x2af6d14a65f0) at ../source4/dsdb/repl/replicated_objects.c:773 werr = {w = 0} ext_res = 0x0 cur_schema = 0x0 new_schema = 0x0 ret = 0 seq_num1 = 5554 seq_num2 = 47239626746464 used_global_schema = false tmp_ctx = 0x2af6d03c5860 __FUNCTION__ = "dsdb_replicated_objects_commit" #28 0x00002af6c1c6babb in dreplsrv_op_pull_source_apply_changes_trigger ( req=0x2af6d17daed0, r=0x2af6d17db0d0, ctr_level=6, ctr1=0x0, ctr6=0x2af6d1b02bb0) at ../source4/dsdb/repl/drepl_out_helpers.c:717 state = 0x2af6d17db050 rf1 = {blobsize = 274, consecutive_sync_failures = 0, last_success = 130323684670000000, last_attempt = 130323687610000000, result_last_attempt = {w = 0}, other_info = 0x2af6d0949910, other_info_length = 66, replica_flags = 112, schedule = '\021' <repeats 84 times>, reserved = 0, highwatermark = {tmp_highest_usn = 12398, reserved_usn = 0, highest_usn = 12398}, source_dsa_obj_guid = { time_low = 984092159, time_mid = 850, time_hi_and_version = 18870, clock_seq = "\251X", node = "UF\324\223\205\241"}, source_dsa_invocation_id = { time_low = 1460694408, time_mid = 52035, time_hi_and_version = 18738, clock_seq = "\204}", node = "\264\365\276\372\256\303"}, transport_guid = { time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}} service = 0x2af6d0ff6b00 partition = 0x2af6d0b6f220 drsuapi = 0x2af6d1c8d480 schema = 0x2af6d05e5570 working_schema = 0x0 mapping_ctr = 0x2af6d1b02c10 object_count = 50 first_object = 0x2af6d0571800 linked_attributes_count = 0 linked_attributes = 0x2af6d5212140 uptodateness_vector = 0x2af6d1a741c0 objects = 0x2af6d0e2bc60 more_data = false status = {w = 0} nt_status = {v = 3006553120} dsdb_repl_flags = 0 __FUNCTION__ = "dreplsrv_op_pull_source_apply_changes_trigger" #29 0x00002af6c1c6b3e7 in dreplsrv_op_pull_source_get_changes_done ( subreq=0x0) at ../source4/dsdb/repl/drepl_out_helpers.c:599 req = 0x2af6d17daed0 state = 0x2af6d17db050 status = {v = 0} r = 0x2af6d17db0d0 ctr_level = 6 ctr1 = 0x0 ctr6 = 0x2af6d1b02bb0 extended_ret = DRSUAPI_EXOP_ERR_NONE #30 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=0x2af6d1a73f70, location=0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_c.c:712") at ../lib/tevent/tevent_req.c:102 No locals. #31 0x00002af6b333e34d in tevent_req_finish (req=0x2af6d1a73f70, state=TEVENT_REQ_DONE, location=0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_c.c:712") at ../lib/tevent/tevent_req.c:117 No locals. #32 0x00002af6b333e374 in _tevent_req_done (req=0x2af6d1a73f70, location=0x2af6c1c7d5f8 "default/librpc/gen_ndr/ndr_drsuapi_c.c:712") at ../lib/tevent/tevent_req.c:123 No locals. #33 0x00002af6c1c708df in dcerpc_drsuapi_DsGetNCChanges_r_done ( subreq=0x2af6d122f4c0) at default/librpc/gen_ndr/ndr_drsuapi_c.c:712 req = 0x2af6d1a73f70 status = {v = 0} #34 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=0x2af6d122f4c0, location=0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") at ../lib/tevent/tevent_req.c:102 No locals. #35 0x00002af6b333e34d in tevent_req_finish (req=0x2af6d122f4c0, state=TEVENT_REQ_DONE, location=0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") at ../lib/tevent/tevent_req.c:117 No locals. #36 0x00002af6b333e374 in _tevent_req_done (req=0x2af6d122f4c0, location=0x2af6b575b688 "../librpc/rpc/binding_handle.c:517") at ../lib/tevent/tevent_req.c:123 No locals. #37 0x00002af6b5757ede in dcerpc_binding_handle_call_done (subreq=0x0) at ../librpc/rpc/binding_handle.c:517 req = 0x2af6d122f4c0 state = 0x2af6d122f640 h = 0x2af6d0959d10 error = {v = 0} out_flags = 0 ndr_err = NDR_ERR_SUCCESS #38 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=0x2af6d522f7a0, location=0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") at ../lib/tevent/tevent_req.c:102 No locals. #39 0x00002af6b333e34d in tevent_req_finish (req=0x2af6d522f7a0, state=TEVENT_REQ_DONE, location=0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") at ../lib/tevent/tevent_req.c:117 No locals. #40 0x00002af6b333e374 in _tevent_req_done (req=0x2af6d522f7a0, location=0x2af6b575b1d0 "../librpc/rpc/binding_handle.c:188") at ../lib/tevent/tevent_req.c:123 No locals. #41 0x00002af6b5757398 in dcerpc_binding_handle_raw_call_done (subreq=0x0) at ../librpc/rpc/binding_handle.c:188 req = 0x2af6d522f7a0 state = 0x2af6d522f920 error = {v = 0} #42 0x00002af6b333e2f8 in _tevent_req_notify_callback (req=0x2af6d0712430, location=0x2af6b44b8810 "../source4/librpc/rpc/dcerpc.c:322") at ../lib/tevent/tevent_req.c:102 No locals. #43 0x00002af6b333e34d in tevent_req_finish (req=0x2af6d0712430, state=TEVENT_REQ_DONE, location=0x2af6b44b8810 "../source4/librpc/rpc/dcerpc.c:322") at ../lib/tevent/tevent_req.c:117 No locals. #44 0x00002af6b333e472 in tevent_req_trigger (ev=0x2af6b17ef8c0, im=0x2af6d0712500, private_data=0x2af6d0712430) at ../lib/tevent/tevent_req.c:174 req = 0x2af6d0712430 #45 0x00002af6b333d6d4 in tevent_common_loop_immediate (ev=0x2af6b17ef8c0) at ../lib/tevent/tevent_immediate.c:135 im = 0x2af6d0712500 handler = 0x2af6b333e423 <tevent_req_trigger> private_data = 0x2af6d0712430 #46 0x00002af6b3345570 in epoll_event_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent_epoll.c:907 epoll_ev = 0x2af6b17efb00 tval = {tv_sec = 47239056876603, tv_usec = 47239028210096} panic_triggered = false #47 0x00002af6b3342363 in std_event_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent_standard.c:112 glue_ptr = 0x2af6b17ef9b0 glue = 0x2af6b17ef9b0 ret = 10998 #48 0x00002af6b333c799 in _tevent_loop_once (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent.c:530 ret = 0 nesting_stack_ptr = 0x0 #49 0x00002af6b333ca11 in tevent_common_loop_wait (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent.c:634 ret = 0 #50 0x00002af6b3342405 in std_event_loop_wait (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent_standard.c:138 glue_ptr = 0x2af6b17ef9b0 glue = 0x2af6b17ef9b0 ret = 10998 #51 0x00002af6b333cadc in _tevent_loop_wait (ev=0x2af6b17ef8c0, location=0x2af6b15a7b9f "../source4/smbd/server.c:503") at ../lib/tevent/tevent.c:653 No locals. #52 0x00002af6b15a37bc in binary_smbd_main ( binary_name=0x2af6b15a737b "samba", argc=6, argv=0x7fff67c78de8) at ../source4/smbd/server.c:503 opt_daemon = false opt_interactive = true opt = -1 pc = 0x2af6b17d5040 static_init = {0x2af6b2ac7d8c <server_service_auth_init>, 0x2af6b2aca9e7 <server_service_echo_init>, 0} shared_init = 0x2af6b18143b0 event_ctx = 0x2af6b17ef8c0 stdin_event_flags = 1 status = {v = 0} model = 0x2af6b17d5b90 "single" max_runtime = 7500 Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jan 6 01:16:13 CET 2014 on sn-devel-104
2014-01-03 12:56:38 +01:00
# Offline logon (ad_member)
plantestsuite("samba.blackbox.offline_logon",
"ad_member_offlogon",
[os.path.join(bbdir, "test_offline_logon.sh"),
'$DOMAIN',
'alice', 'Secret007',
'bob', 'Secret007',
'jane', 'Secret007',
'joe', 'Secret007'])
#
# KDC Tests
#
# This test is for users cached at the RODC
plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD',
'--workgroup=$DOMAIN', '--realm=$REALM',
'--option=torture:krb5-upn=testdenied_upn@$REALM.upn',
'--option=torture:expect_rodc=true'],
"samba4.krb5.kdc with account DENIED permission to replicate to an RODC")
plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", r'-Utestallowed\ account%$PASSWORD',
'--workgroup=$DOMAIN', '--realm=$REALM',
'--option=torture:expect_machine_account=true',
r'--option=torture:krb5-upn=testallowed\ upn@$REALM',
'--option=torture:krb5-hostname=testallowed',
'--option=torture:expect_rodc=true',
'--option=torture:expect_cached_at_rodc=true'],
"samba4.krb5.kdc with account ALLOWED permission to replicate to an RODC")
# This ensures we have correct behaviour on a server that is not not the PDC emulator
env = "promoted_dc"
plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'],
"samba4.krb5.kdc with specified account")
plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestupnspn%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM',
'--option=torture:expect_machine_account=true',
'--option=torture:krb5-upn=http/testupnspn.$DNSNAME@$REALM',
'--option=torture:krb5-hostname=testupnspn.$DNSNAME',
'--option=torture:krb5-service=http'],
"samba4.krb5.kdc with account having identical UPN and SPN")
for env in ["fl2008r2dc", "fl2003dc"]:
fast_support = have_fast_support
if env in ["fl2003dc"]:
fast_support = 0
planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests",
environ={
**krb5_environ,
'FAST_SUPPORT': fast_support,
})
planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
environ=krb5_environ)
for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
if env == "rodc":
# The machine account is cached at the RODC, as it is the local account
extra_options = ['--option=torture:expect_rodc=true', '--option=torture:expect_cached_at_rodc=true']
else:
extra_options = []
plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-P',
'--workgroup=$DOMAIN', '--realm=$REALM',
'--option=torture:krb5-hostname=$SERVER',
'--option=torture:run_removedollar_test=true',
'--option=torture:expect_machine_account=true'] + extra_options,
"samba4.krb5.kdc with machine account")
planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests",
environ=krb5_environ)
for env, fast_support in [("ad_dc", True),
("fl2003dc", False)]:
planpythontestsuite(env, "samba.tests.krb5.compatability_tests",
environ={
**krb5_environ,
'FAST_SUPPORT': int(have_fast_support and fast_support),
})
planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
environ=krb5_environ)
planpythontestsuite(
"ad_dc",
"samba.tests.krb5.kdc_tgs_tests",
environ=krb5_environ)
planpythontestsuite(
"ad_dc",
"samba.tests.krb5.fast_tests",
environ=krb5_environ)
planpythontestsuite(
"ad_dc",
"samba.tests.krb5.ms_kile_client_principal_lookup_tests",
environ=krb5_environ)
planpythontestsuite(
"ad_dc",
"samba.tests.krb5.spn_tests",
environ=krb5_environ)
planpythontestsuite(
"ad_dc",
"samba.tests.krb5.alias_tests",
environ=krb5_environ)
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.pac_align_tests',
environ=krb5_environ)
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.protected_users_tests',
environ=krb5_environ)
for env, nt_hash in [("ad_dc:local", True),
("ad_dc_no_ntlm:local", False)]:
planoldpythontestsuite(
env,
'samba.tests.krb5.nt_hash_tests',
environ={
**krb5_environ,
'EXPECT_NT_HASH': int(nt_hash),
})
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.kpasswd_tests',
environ=krb5_environ)
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.claims_tests',
environ=krb5_environ)
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.device_tests',
environ=krb5_environ)
planoldpythontestsuite(
'ad_dc:local',
'samba.tests.krb5.lockout_tests',
environ=krb5_environ)
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.group_tests',
environ=krb5_environ)
for env, forced_rc4 in [('ad_dc', False),
('promoted_dc', True)]:
planoldpythontestsuite(
env,
'samba.tests.krb5.etype_tests',
environ={
**krb5_environ,
'DC_SERVER': '$SERVER',
'DC_SERVER_IP': '$SERVER_IP',
'DC_SERVER_IPV6': '$SERVER_IPV6',
'FORCED_RC4': int(forced_rc4),
})
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.authn_policy_tests',
environ=krb5_environ)
tests/krb5: Add PK-INIT testing framework To run these tests standalone, you will need the certificate and private key of the Certificate Authority. These can be specified together in the same file with the environment variable CA_CERT, or the private key may be specified in its own file with CA_PRIVATE_KEY. If either of these files are encrypted, you can specify the password in the environment variable CA_PASS. These tests create a new certificate for the user account, signed with the private key of the Certificate Authority. We negotiate the reply key with either of the public-key and Diffie-Hellman PK-INIT variants, and use the reply key to decrypt the enc-part in the response. We also check that the KDC’s signatures are valid. Most of the failures with the Heimdal KDC are due to the wrong nonce being returned in the reply compared to Windows, which issue is simple enough to correct. An example command line for manual testing against Windows: SMB_CONF_PATH=ad_dc.conf KRB5_CONFIG=krb5.conf SERVICE_USERNAME=win2k19-dc.example.com ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass ADMIN_KVNO=1 FOR_USER=Administrator USERNAME=Administrator PASSWORD=locDCpass DC_SERVER=win2k19-dc.example.com SERVER=win2k19-dc.example.com DOMAIN=example REALM=example.com PYTHONPATH=bin/python STRICT_CHECKING=1 FAST_SUPPORT=1 CLAIMS_SUPPORT=1 COMPOUND_ID_SUPPORT=1 TKT_SIG_SUPPORT=1 FULL_SIG_SUPPORT=1 GNUTLS_PBKDF2_SUPPORT=1 EXPECT_PAC=1 EXPECT_EXTRA_PAC_BUFFERS=1 CHECK_CNAME=1 CHECK_PADATA=1 KADMIN_IS_TGS=0 FORCED_RC4=1 DEFAULT_ETYPES=36 CA_CERT=./win2k19-ca.pfx CA_PASS=1234 python3 python/samba/tests/krb5/pkinit_tests.py To set up windows for this I first installed an Certificate Authority with an Enterprise CA. Then I exported the private key and certificate of the CA: 1. go into the Certification Authority snap-in for the relevant computer, 2. right-clicking the CA 3. clicking ‘All Tasks’ → ‘Back up CA...’ 4. and exporting the private key and CA certificate. (I downloaded the resulting file via smbclient). After setting up an Enterprise CA, I also needed to edit the domain controller GPO to enable auto-enrollment, otherwise Windows would refuse to accept as legitimate any certificates provided by the client. That can be done by first enabling the policy: ‘Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies/Certificate Services Client — Auto-Enrollment’, and then ticking both ‘Renew expired certificates…’ and ‘Update certificates…’) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-03 14:43:10 +12:00
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.pkinit_tests',
environ=krb5_environ)
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.conditional_ace_tests',
environ=krb5_environ)
planoldpythontestsuite(
'ad_dc',
'samba.tests.krb5.gkdi_tests',
environ=krb5_environ)
for env in [
'vampire_dc',
'promoted_dc']:
planoldpythontestsuite(env, "samba.tests.kcc",
name="samba.tests.kcc",
environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME',
'TEST_PASSWORD': '$PASSWORD',
'TEST_ENV': env
},
extra_path=[os.path.join(srcdir(), "samba/python"), ])
planpythontestsuite(env, "samba.tests.samba_tool.visualize_drs")
planpythontestsuite("ad_dc_default:local", "samba.tests.kcc.kcc_utils")
for env in ["simpleserver", "fileserver", "nt4_dc", "ad_dc",
"ad_member", "offlinebackupdc", "restoredc", "renamedc", "labdc", 'schema_pair_dc']:
planoldpythontestsuite(env, "netlogonsvc",
extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
name="samba.tests.netlogonsvc.python(%s)" % env)
for env in ["ktest", "ad_member", "ad_dc_no_ntlm"]:
planoldpythontestsuite(env, "ntlmdisabled",
extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
name="samba.tests.ntlmdisabled.python(%s)" % env)
# Demote the vampire DC, it must be the last test each DC, before the dbcheck
for env in ['vampire_dc', 'promoted_dc', 'rodc']:
planoldpythontestsuite(env, "samba.tests.samba_tool.demote",
name="samba.tests.samba_tool.demote",
environ={
'CONFIGFILE': '$PREFIX/%s/etc/smb.conf' % env
},
extra_args=['-U"$USERNAME%$PASSWORD"'],
extra_path=[os.path.join(srcdir(), "samba/python")]
)
# TODO: Verifying the databases really should be a part of the
# environment teardown.
# check the databases are all OK. PLEASE LEAVE THIS AS THE LAST TEST
for env in ["ad_dc", "fl2000dc", "fl2003dc", "fl2008r2dc",
'vampire_dc', 'promoted_dc', 'backupfromdc', 'restoredc',
'renamedc', 'offlinebackupdc', 'labdc']:
plantestsuite("samba4.blackbox.dbcheck(%s)" % env, env + ":local", ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck.sh"), '$PREFIX/provision', configuration])
#
# Tests to verify bug 13653 https://bugzilla.samba.org/show_bug.cgi?id=13653
# ad_dc has an lmdb backend, ad_dc_ntvfs has a tdb backend.
#
planoldpythontestsuite("ad_dc_ntvfs:local",
"samba.tests.blackbox.bug13653",
extra_args=['-U"$USERNAME%$PASSWORD"'],
environ={'TEST_ENV': 'ad_dc_ntvfs'})
planoldpythontestsuite("ad_dc:local",
"samba.tests.blackbox.bug13653",
extra_args=['-U"$USERNAME%$PASSWORD"'],
environ={'TEST_ENV': 'ad_dc'})
# cmocka tests not requiring a specific environment
#
plantestsuite("samba4.dsdb.samdb.ldb_modules.unique_object_sids", "none",
[os.path.join(bindir(), "test_unique_object_sids")])
plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.tdb", "none",
[os.path.join(bindir(), "test_encrypted_secrets_tdb")])
plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb", "none",
[os.path.join(bindir(), "test_encrypted_secrets_mdb")])
plantestsuite("lib.audit_logging.audit_logging", "none",
[os.path.join(bindir(), "audit_logging_test")])
plantestsuite("lib.audit_logging.audit_logging.errors", "none",
[os.path.join(bindir(), "audit_logging_error_test")])
plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_util", "none",
[os.path.join(bindir(), "test_audit_util")])
plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log", "none",
[os.path.join(bindir(), "test_audit_log")])
plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log.errors", "none",
[os.path.join(bindir(), "test_audit_log_errors")])
plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit", "none",
[os.path.join(bindir(), "test_group_audit")])
plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit.errors", "none",
[os.path.join(bindir(), "test_group_audit_errors")])
plantestsuite("samba4.dcerpc.dnsserver.dnsutils", "none",
[os.path.join(bindir(), "test_rpc_dns_server_dnsutils")])
plantestsuite("libcli.drsuapi.repl_decrypt", "none",
[os.path.join(bindir(), "test_repl_decrypt")])
plantestsuite("librpc.ndr.ndr_string", "none",
[os.path.join(bindir(), "test_ndr_string")])
plantestsuite("librpc.ndr.ndr", "none",
[os.path.join(bindir(), "test_ndr")])
plantestsuite("librpc.ndr.ndr_macros", "none",
[os.path.join(bindir(), "test_ndr_macros")])
plantestsuite("librpc.ndr.ndr_dns_nbt", "none",
[os.path.join(bindir(), "test_ndr_dns_nbt")])
plantestsuite("librpc.ndr.test_ndr_gmsa", "none",
[os.path.join(bindir(), "test_ndr_gmsa")])
plantestsuite("libcli.ldap.ldap_message", "none",
[os.path.join(bindir(), "test_ldap_message")])
# process restart and limit tests, these break the environment so need to run
# in their own specific environment
planoldpythontestsuite("preforkrestartdc:local",
"samba.tests.prefork_restart",
extra_path=[
os.path.join(srcdir(), 'python/samba/tests')],
extra_args=['-U"$USERNAME%$PASSWORD"'],
name="samba.tests.prefork_restart")
planoldpythontestsuite("preforkrestartdc:local",
"samba.tests.blackbox.smbcontrol_process",
extra_path=[
os.path.join(srcdir(), 'python/samba/tests')],
extra_args=['-U"$USERNAME%$PASSWORD"'],
name="samba.tests.blackbox.smbcontrol_process")
planoldpythontestsuite("proclimitdc",
"samba.tests.process_limits",
extra_path=[
os.path.join(srcdir(), 'python/samba/tests')],
extra_args=['-U"$USERNAME%$PASSWORD"'],
name="samba.tests.process_limits")
planoldpythontestsuite("none", "samba.tests.usage")
planpythontestsuite("fileserver", "samba.tests.dcerpc.mdssvc")
lib/compression: add simple python bindings There are four functions, allowing compression and decompression in the two formats we support so far. The functions will accept bytes or unicode strings which are treated as utf-8. The LZ77+Huffman decompression algorithm requires an exact target length to decompress, so this is mandatory. The plain decompression algorithm does not need an exact length, but you can provide one to help it know how much space to allocate. As currently written, you can provide a short length and it will often succeed in decompressing to a different shorter string. These bindings are intended to make ad-hoc investigation easier, not for production use. This is reflected in the guesses about output size that plain_decompress() makes if you don't supply one -- either they are stupidly wasteful or ridiculously insufficient, depending on whether or not you were trying to decompress a 20MB string. >>> a = '12345678' >>> import compression >>> b = compression.huffman_compress(a) >>> b b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 #.... >>> len(b) 262 >>> c = compression.huffman_decompress(b, len(a)) >>> c b'12345678' # note, c is bytes, a is str >>> a '12345678' >>> d = compression.plain_compress(a) >>> d b'\xff\xff\xff\x0012345678' >>> compression.plain_decompress(d) # no size specified, guesses b'12345678' >>> compression.plain_decompress(d,5) b'12345' >>> compression.plain_decompress(d,0) # 0 for auto b'12345678' >>> compression.plain_decompress(d,1) b'1' >>> compression.plain_decompress(a,444) Traceback (most recent call last): compression.CompressionError: unable to decompress data into a buffer of 444 bytes. >>> compression.plain_decompress(b,444) b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 #... That last one decompresses the Huffman compressed file with the plain compressor; pretty much any string is valid for plain decompression. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-25 16:43:52 +13:00
planoldpythontestsuite("none", "samba.tests.compression")
planpythontestsuite("none", "samba.tests.security_descriptors")
if have_cluster_support:
cluster_environ = {
"SERVER_HOSTNAME": "$NETBIOSNAME",
"INTERFACE_GROUP_NAME": "$NETBIOSNAME",
"CLUSTER_SHARE": "registry_share",
"USERNAME": "$DC_USERNAME",
"PASSWORD": "$DC_PASSWORD",
}
planpythontestsuite("clusteredmember:local",
"samba.tests.blackbox.rpcd_witness_samba_only",
environ=cluster_environ)