1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1303 Commits

Author SHA1 Message Date
Michael Adam
ce8de54a68 selftest: check for smbd on a 1-second basis.
Chance to reduce the overall time spent in checking for smbd

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-07-12 17:49:19 +02:00
Michael Adam
25fee06e0c selftest: check for winbind on 1-second basis
There is a chance to reduce the overall time spent checking.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-07-12 17:49:19 +02:00
Andrew Bartlett
89e67e309a Revert selftest: Add knownfail entry required to disable tombstone_reanimation
This reverts e0fa42201b

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul  9 18:41:40 CEST 2016 on sn-devel-144
2016-07-09 18:41:40 +02:00
Stefan Metzmacher
2a44b692c0 Revert "selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping"
We pass this tests again...

This reverts commit HEAD~2.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:20 +02:00
Stefan Metzmacher
c7307fb7e4 selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping
We'll change the behaviour step by step to match Windows.
At the end we'll pass the test again and revert this patch.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-08 10:01:20 +02:00
Andreas Schneider
3be06be00f selftest: Do not use the deprecated samba-tool user add
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-07-06 19:07:16 +02:00
Andreas Schneider
860d465e2b s4-torture: Add AES and RC4 enctype checks
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  6 19:06:19 CEST 2016 on sn-devel-144
2016-07-06 19:06:18 +02:00
Bob Campbell
ef0cbc5560 selftest: add check password script test
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-05 00:00:14 +02:00
Andreas Schneider
1be45ab4d5 selftest: Skip the samba4.raw.eas tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-29 15:15:06 +02:00
Andreas Schneider
9da97e5572 selftest: Skip also s4 base.createx_sharemodes_dir
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-29 15:15:06 +02:00
Andreas Schneider
bba66ca459 selftest: Remove samba4.smb2.compound tests we skip
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-29 15:15:06 +02:00
Andreas Schneider
82f0c72c39 selftest: Remove samba4 delaywrite tests we skip
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-29 15:15:06 +02:00
Andreas Schneider
32d10fd77b selftest: Skip s4 smb2 rename tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-29 15:15:06 +02:00
Andreas Schneider
2240aff7ed selftest: Skip the Samba4 rap tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-29 15:15:06 +02:00
Andreas Schneider
ca0332e901 selftest: Skip smbtorture_s3 tests against ntvfs
This reduces the time our testsuite is running. We are not going to
implement these features so it doesn't make sense to run the test at
all. More will follow.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-29 15:15:06 +02:00
Ralph Boehme
aa54fa4e88 selftest: make autorid the default idmap backend in admember_rfc2307
This is needed for a new test in the next commit. Exisiting tests aren't
affected by this, at least a private autobuild passed with this
change.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-06-28 07:27:18 +02:00
Stefan Metzmacher
3076b1ed44 selftest: add save.env.sh helper script.
This can be used to store the environment from within
make testenv.

It can be restored with:

. bin/restore.env.source

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:15 +02:00
Ralph Boehme
2db5c10ac5 s4/torture: add a test for dosmode and hidden files
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-25 18:47:17 +02:00
Ralph Boehme
0c04f5ffcb selftest: make samba3.blackbox.smbclient_tar as flapping
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 20 12:07:18 CEST 2016 on sn-devel-144
2016-06-20 12:07:17 +02:00
Ralph Boehme
ea3ca6be64 selftest: Kerberos auth with netbios alias SPNs
Since commit 0f6d51f34b libnet_join
automatically adds netbios aliases as SPNs to the machine account.

This commit adds a simple test with smbclient -k against the aliases.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jun 19 19:07:46 CEST 2016 on sn-devel-144
2016-06-19 19:07:45 +02:00
Jeremy Allison
4db1c7d1cf s3: torture: Add test that proves Win2k12 correctly returns pidlow and pidhigh in SMB1 requests.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-18 15:32:18 +02:00
Andreas Schneider
fa5292a365 selftest: Remove nbt wait time
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 17 22:15:09 CEST 2016 on sn-devel-144
2016-06-17 22:15:09 +02:00
Andreas Schneider
2643275de6 selftest: Add newlines for info output
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-17 18:15:22 +02:00
Andreas Schneider
d6fdf3bb23 selftest: Fix indentation in wait_for_start()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-17 18:15:22 +02:00
Andreas Schneider
1619cde477 selftest: Consistently check for provision return code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-17 18:15:22 +02:00
Andreas Schneider
f6e4dc2a92 selftest: Remove unneeded sleep before first ldbsearch execution
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-17 18:15:21 +02:00
Andreas Schneider
341d06fa24 selftest: Use the correct smb.conf for ldbsearch
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-17 18:15:21 +02:00
Garming Sam
0c0b8988f7 flapping: remove samba_dnsupdate from flapping
nsupdate is now installed

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-06-17 14:13:19 +02:00
Garming Sam
8dc3110a5f getncchanges: Match Windows on linked attribute sort
The order of linked attributes depends on comparison of the NDR packed
GUIDs (not its struct GUID form).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
2bb8e183fd tests/drs: change sort order in tests to match Windows
Although we attempted to sort by GUID based on DRSR, it is actually
sorted by the ndr packed GUID.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
e2743b110f flapping: temporarily add samba_dnsupdate test
This should be removed when we can run nsupdate on sn-devel

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 16 08:37:56 CEST 2016 on sn-devel-144
2016-06-16 08:37:56 +02:00
Andrew Bartlett
ba22d29144 selftest: Always set up a resolv.conf and use it in samba_dnsupdate
This allows samba_dnsupdate to be tested without resolv_wrapper.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:14 +02:00
Andrew Bartlett
f5aaa1ea31 selftest: Ensure we write 127. addresses into DNS
The --all-interfaces option is required both with and without the dns_host_file

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:14 +02:00
Andreas Schneider
0ae1bbf9b8 selftest: Set the correct hostname
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-06-09 15:13:07 +02:00
Andrew Bartlett
374a01119d dsdb: Fix rename and RDN handling for replPropertyMetaData
This matches Windows 2012R2, which both has the RDN not sorted last and has it updated with the local
invocation_id and a local version.

The RDN attribute, unlike name, is not replicated over DRS, so the impact for interopability extends only to
the incorrect RDN values that we were finding with dbcheck (values that did not match the name values).

Finally, we always force the RDN to match the name attribute, which avoids issues
in dbcheck where these diverge.  As such, we can finally remove dbcheck as a
flapping test, last re-added in e4bab3a828

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-07 10:28:10 +02:00
Andrew Bartlett
fa2a94ae4c selftest: These replication tests are now OK after we fixed all the replication bugs
We have run this test a number of times, and these tests do not flap
in those tests

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun  7 01:45:08 CEST 2016 on sn-devel-144
2016-06-07 01:45:07 +02:00
Andrew Bartlett
e070af22ac selftest: Only mark runtime dbcheck as flapping
The dbcheck-oldrelease.sh based tests do not flap

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
be7b29135c selftest: Mark LDAPNotificationTest.test_max_search flapping
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-02 16:36:15 +02:00
Uri Simchoni
42151f6fa2 smbd: dfree - ignore quota if not enforced
When calculating free disk space, do not take user quota
into account if quota is globally not enforced on the file
system.

This is meant to fix a specific problem with XFS. One might
say "why don't you fix the XFS-specific code instead?". The
reason for that is that getting and setting quota must not
be affected by whether quota is actually enforced. NTFS has
the same notion of separating quota accounting (and being
able to configure / retrieve configured quota), from quota
enforcement.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 28 00:09:05 CEST 2016 on sn-devel-144
2016-05-28 00:09:05 +02:00
Uri Simchoni
de2d624d07 selftest: add disk-free quota tests
Add a test for situation where quota accounting is enabled
but quota enforcement is disabled (disk-free should not take
quota into account)

Add a test for situation where overall quota status reporting
(whether or not it's enforcing) is not supported - as with NFS.
In that case it must be assumed that if quota is configured, then
it is also enforced (as with NFS).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-27 20:36:06 +02:00
Dirk Godau
1fd7c28d5f Extend DsBind and DsGetDomainControllerInfo to work with w2k8.
W2K8 Clients ask for DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 on DsBind. W2K8
expect this to be set (with server fl 2k8) or else they do not call
DsGetDomainControllerInfo.

If DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 is set, DsGetDomainControllerInfo
must be able to return DCInfo Level 3.

If Samba4 AD ist set to work as 2k8, with >2k8 clients the following
will not work as expected:

  * Group Policy Editor Infrastructure Discovery
  * nltest /dclist:<domain>
  * w32tm /monitor

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9971
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9976

Signed-off-by: Dirk Godau <voidswitch@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu May 26 06:21:10 CEST 2016 on sn-devel-144
2016-05-26 06:21:10 +02:00
Dirk Godau
6ded4f5230 drsuapi tests for DsBind with w2k8
These are marked as known_fail pending the next patch ("Extend DsBind
and DsGetDomainControllerInfo to work with w2k8").

Signed-off-by: Dirk Godau <voidswitch@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-05-26 02:44:31 +02:00
Stefan Metzmacher
6de656b8f1 selftest: use the default values for "server signing"
That will hopefully catch possible regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 24 18:35:19 CEST 2016 on sn-devel-144
2016-05-24 18:35:19 +02:00
Michael Adam
de2bc193ad selftest: systematize formatting of if/elseif/else indentation in cleanup_child
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue May 24 13:43:35 CEST 2016 on sn-devel-144
2016-05-24 13:43:35 +02:00
Michael Adam
98304a84b7 selftest: improve logic in cleanup_child() with early return
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-05-24 10:12:19 +02:00
Michael Adam
e06d01647e selftest: improve misleading indentation in cleanup_child()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-05-24 10:12:19 +02:00
Michael Adam
7a3f0cfd65 selftest: fix printf in cleanup_child()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-05-24 10:12:19 +02:00
Jeremy Allison
1863e6da0a s3: torture: Add POSIX-OFD-LOCK test.
Ensures that we *always* expose ofd-lock behavior to clients.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
2016-05-21 01:28:28 +02:00
Douglas Bagnall
91f6439929 tests/dcerpc: add tests for string allocation and deletion
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 10 05:11:42 CEST 2016 on sn-devel-144
2016-05-10 05:11:42 +02:00
Douglas Bagnall
eab6796f5b selftest: Enable samba.tests.dcerpc.array test
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:15 +02:00
Andrew Bartlett
bcace463b9 selftest: Include a few more details in selftest and samba startup.
This helps us understand failure modes in selftest

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
90cbf4fb20 selftest: Wait 60 seconds for a RID alloc
This ensures we give it a reasonable enough chance to start up.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
2855a30ecc selftest: Print a message when RID allocation fails
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:13 +02:00
Garming Sam
2570f16497 tests/dns: Add additional testing of CNAME handling
RFC 1034, for instance, describes that all intermediate CNAMEs should be
returned. As it is, CNAME do not return all found intermediate results
in the case of straightforward failure. It should be noted that in the
case of forwarding success, ALL intermediate paths are returned,
including the failure ones.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-03 08:10:09 +02:00
Garming Sam
3b2f9f8756 tests/dns_forwarder: Add testing for DNS forwarding
The new tests show that single and multiple forwarders work as expected.
They also describe the behaviour encountered when the DNS server
encounters a CNAME from a forwarded request (which is not to pursue any
further).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-03 08:10:09 +02:00
Garming Sam
870b74d73e selftest: Remove an early return in the fl2003dc provision
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-03 08:10:09 +02:00
Björn Jacke
90403de7ac testsuit/manage-ca.sh: specify key size in CSRs
specifying the key size is required by some openssl versions

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-28 20:48:14 +02:00
Stefan Metzmacher
4de4338723 selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:17 +02:00
Stefan Metzmacher
587b5db797 selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:17 +02:00
Stefan Metzmacher
b8055cb42c selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:17 +02:00
Stefan Metzmacher
b6ac2275c3 CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
pkt->u.*.auth_info.length is not the correct thing to check.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
ace23643d1 CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
We now avoid reusing the same auth_info structure for incoming and outgoing
values. We need to make sure that the remote server doesn't overwrite our own
values.

This will trigger some failures with our currently broken server,
which will be fixed in the next commits.

The broken server requires an dcerpc_auth structure with no credentials
in order to do an alter_context request that just creates a presentation
context without doing authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
41bccb5ae5 CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
This prevents man in the middle downgrade attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Pair-Programmed-With: Günther Deschner <gd@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
398a21c57c CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
This prevents man in the middle downgrade attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:27 +02:00
Stefan Metzmacher
80dae9afda CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
This matches windows and prevents man in the middle downgrade attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:27 +02:00
Stefan Metzmacher
7cf3318fa9 CVE-2016-2113: selftest: use "tls verify peer = no_check"
Individual tests will check the more secure values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
942e4ed851 CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
2b40fb8509 CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
We want to test against all "ldap server require strong auth" combinations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
e71be8099a CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
The default is "ldap server require strong auth = yes",
ad_dc_ntvfs uses "ldap server require strong auth = allow_sasl_over_tls",
fl2008r2dc uses "ldap server require strong auth = no".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
5ab1db006e CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
e4bab3a828 Revert "selftest: dbcheck should not be marked flapping"
This reverts commit a7b242aa61.
2016-04-12 19:25:22 +02:00
Christof Schmitt
6eba42f927 selftest: Load time_audit and full_audit
This triggers the check for missing VFS functions in these modules.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-06 00:15:17 +02:00
Stefan Metzmacher
5dccb19801 selftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join"
This avoids picking up a gid from the DC's winbind when
creating BUILTIN\Administrators

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Mar 24 22:15:44 CET 2016 on sn-devel-144
2016-03-24 22:15:44 +01:00
Uri Simchoni
099c6f3252 seltest: add test for "ignore system acls" in vfs_acl_xattr.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11806

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-24 03:06:16 +01:00
Michael Adam
e9586a653c torture:smb2: add durable-v2-open.reopen1a-lease
Lease variant of the reopen1a test which tests the
relevance of the client guid.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 22 03:47:02 CET 2016 on sn-devel-144
2016-03-22 03:47:02 +01:00
Michael Adam
3e90abe670 torture:smb2: add durable-open.reopen1a-lease
Lease variant of the reopen1a test which tests the
relevance of the client guid.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:22 +01:00
Günther Deschner
2b799880b9 torture:smb2: add test for checking sequence number wrap around.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:21 +01:00
Stefan Metzmacher
b00c38afc6 selftest: setup information of new samba.example.com CA in the client environment
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:16 +01:00
Stefan Metzmacher
b2c0f71db0 selftest: set tls crlfile if it exist
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:16 +01:00
Stefan Metzmacher
c321a59f26 selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:15 +01:00
Stefan Metzmacher
a6447fd6d0 selftest: add Samba::prepare_keyblobs() helper function
This copies the certificates from the samba.example.com CA if they
exist.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:15 +01:00
Stefan Metzmacher
2a96885ac7 selftest: mark commands in manage-CA-samba.example.com.sh as DONE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:15 +01:00
Stefan Metzmacher
1928f08106 selftest: add CA-samba.example.com binary files (currently unused by Samba)
This patch can be skipped, when it causes problems with tools like 'patch'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:15 +01:00
Stefan Metzmacher
520c85a15f selftest: add CA-samba.example.com (non-binary) files
The binary files will follow in the next, this allows the next
commit to be skipped as the binary files are not used by samba yet.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:15 +01:00
Stefan Metzmacher
bdc1f036a8 selftest: add config and script to create a samba.example.com CA
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:15 +01:00
Stefan Metzmacher
b0bdbeeef4 selftest: add some helper scripts to mange a CA
This is partly based on the SmartCard HowTo from:
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:15 +01:00
Stefan Metzmacher
c561a42ff6 selftest: s!addc.samba.example.com!addom.samba.example.com!
It's confusing to have addc.samba.example.com as domain name
and addc.addc.samba.example.com as hostname.

We now have addom.samba.example.com as domain name
and addc.addom.samba.example.com as hostname.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:15 +01:00
Stefan Metzmacher
2ef0eed07e selftest: mark samba4.winbind.struct.domain_info.ad_member as flapping
See https://lists.samba.org/archive/samba-technical/2016-March/112861.html

  found 517 lines matching '^UNEXPECTED' in 641 files matching 'samba.stdout$'
   175 UNEXPECTED(failure): samba4.winbind.struct.domain_info(ad_member:local)
    19 UNEXPECTED(failure): samba4.winbind.struct.domain_info(s3member:local)
    12 UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_encrypt_decrypt_wrong_key(ad_dc_ntvfs)
    12 UNEXPECTED(failure): samba4.drs.delete_object.python(promoted_dc).delete_object.DrsDeleteObjectTestCase.test_ReplicateDeletedObject1(promoted_dc)
    12 UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_ntvfs)
    11 UNEXPECTED(failure): samba4.ldap.notification.python(ad_dc_ntvfs).__main__.LDAPNotificationTest.test_max_search(ad_dc_ntvfs)

We'll see if we also need to add
samba4.winbind.struct.domain_info.s3member
before we're able to identify and fix the problem.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 12 02:14:39 CET 2016 on sn-devel-144
2016-03-12 02:14:39 +01:00
Stefan Metzmacher
5a397216d4 s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:31 +01:00
Garming Sam
8cee2c8146 CVE-2016-0771: tests: rename test getopt to get_opt
This avoids any conflicts in this directory with the original toplevel
getopt.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:25 +01:00
Jeremy Allison
841ae4a2e2 CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-03-10 06:52:23 +01:00
Jeremy Allison
19eb1c9311 CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-03-10 06:52:23 +01:00
Douglas Bagnall
b797baaa60 Add python server sort tests
The tests are repeated twice: once properly with complex Unicode
strings, and again in a simplified ASCII subset. We only expect Samba
to pass the simplified version. The hard tests are aspirational and
show what Active Directory does.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:17 +01:00
Andrew Bartlett
13e62b2e35 selftest: Allow 4 hours for the test to run (ouch!)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:30 +01:00
Andrew Bartlett
a7b242aa61 selftest: dbcheck should not be marked flapping
The primary cause of the flapping was due to the objectclass
sort routine being non-deterministic.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Michael Adam
2fd54b5332 smbd:smb2: implement create replay
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
1b804d6f93 torture:smb2: add smb2.replay.replay-dhv2-lease3
create with a lease, and replay with lease
with a different lease key.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
1c772984c6 torture:smb2: add smb2.replay.replay-oplock-lease
create with an oplock, and replay with a lease.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
2036e1d27b torture:smb2: add smb2.replay.replay-dhv2-lease-oplock
Open with a lease and replay with an oplock.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
6eeabe43a2 torture:smb2: add smb2.replay.replay-dhv2-lease2
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
de678ebcdf torture:smb2: add smb2.replay.replay-dhv2-lease1
This is a variant of the replay-dhv2-oplock1 test for leases
instead of for oplocks.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
9ac9d286b4 torture:smb2: split rename2 into multiple tests and extend these
- replay-regular
- replay-dhv2-oplock1
- replay-dhv2-oplock2
- replay-dhv2-oplock3

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:23 +01:00
Michael Adam
9ebf079b00 torture:smb2: rename replay1 -> replay-commands
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:23 +01:00
Uri Simchoni
9c67ff461d selftest: test access based share enum parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8093

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Mar  2 23:51:56 CET 2016 on sn-devel-144
2016-03-02 23:51:55 +01:00
Christian Ambach
39081afbe5 selftest: Add a blackbox test for smbget
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Feb 26 14:40:55 CET 2016 on sn-devel-144
2016-02-26 14:40:54 +01:00
Christian Ambach
6ceba4def6 selftest: add a helper for the smbget binary
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-26 11:31:33 +01:00
Christian Ambach
2588cf37c0 selftest: Reduce code duplication
Factor out a createuser sub.

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-26 11:31:33 +01:00
Volker Lendecke
e8b5a979ab selftest: "standard" process model for a few envs
This is needed as with source4/libcli/wbclient changed to nsswitch/libwbclient
we don't have a nested event loop here anymore.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-22 20:29:16 +01:00
Stefan Metzmacher
be704c8765 selftest: add dbwrap_tdb_require_mutexes:* = yes, when using dbwrap_tdb_mutexes:* = yes by default
export SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT=1 can overwrite this.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb  9 01:42:14 CET 2016 on sn-devel-144
2016-02-09 01:42:14 +01:00
Robin Hack
e2699685ca samba3.blackbox.smbclient.forceuser_validusers: Add new test for force user option.
Test covers commit
cf0934caf2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878
RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651

How to test:
$ make -j test TESTS="samba3.blackbox.smbclient.forceuser_validusers"
RESULD: Should PASS
$ git revert cf0934caf2
$ make -j test TESTS="samba3.blackbox.smbclient.forceuser_validusers"
RESULT: Should FAIL

Signed-off-by: Robin Hack <rhack@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Feb  4 03:44:42 CET 2016 on sn-devel-144
2016-02-04 03:44:42 +01:00
Stefan Metzmacher
90cb84c905 selftest: specify a maximum runtime for 'make testenv' of 1 year
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-02-01 09:53:10 +01:00
Uri Simchoni
526a387838 selftest: un-flap samba3.blackbox.dfree_quota
Remove test from flapping list after fix.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 28 01:10:54 CET 2016 on sn-devel-144
2016-01-28 01:10:54 +01:00
Uri Simchoni
6f3cc471a6 selftest: mark samba3.blackbox.dfree_quota as flakey
samba3.blackbox.dfree_quota fails repeatedly on sn-devel-144,
although it seems like it initially passed. Marking as flapping
until further investigation.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jan 27 15:27:52 CET 2016 on sn-devel-144
2016-01-27 15:27:52 +01:00
Uri Simchoni
f71761c47a selftest: add disk-free and quota tests based on fake_dfq VFS module
These tests use the vfs_fake_dfq module to simulate some
relations between the quota status and disk-free status.

The tests will become meaningful when we take the code that
does those calculations out of the VFS layer - the tests will
then exercise the server code.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-01-26 15:58:11 +01:00
Uri Simchoni
bbb5a8a9d5 vfs_shadow_copy2: add tests for snapsharepath
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-26 00:06:16 +01:00
Adrian Cochrane
594778e580 ldb-samba: Expand testing of recursive search
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jan 18 07:49:43 CET 2016 on sn-devel-144
2016-01-18 07:49:43 +01:00
Uri Simchoni
7362c27a62 vfs_shadow_copy2: add a blackbox test suite
Add a blackbox test suite for vfs_shadow_copy2, testing
parameters mountpoint, basedir, snapdir, snapdirseverywhere,
and testing correct wide-link processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11580

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jan 13 17:11:38 CET 2016 on sn-devel-144
2016-01-13 17:11:38 +01:00
Uri Simchoni
3e1b26bd6d selftest: more dfree command and smbclient disk usage tests
Add tests that cover disk usage printing by smbclient, as well
as passing directory info to the "dfree command" script.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11662

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan  6 03:58:59 CET 2016 on sn-devel-144
2016-01-06 03:58:59 +01:00
Andrew Bartlett
e242d7264e selftest: Ensure that if the SAMBA_PID is not set, that the env is not OK
This ensures that we must instead start the selftest environment, it is not already running

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 17 06:27:14 CET 2015 on sn-devel-104
2015-12-17 06:27:14 +01:00
Andrew Bartlett
b0aa686eb6 selftest: Do not start tests on an environment that has failed to start up
This avoids debugging subsequent test failures, which may not be as clear

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-17 03:23:21 +01:00
Jeremy Allison
cc137fa386 CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).
New tests for fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-12-16 12:56:48 +01:00
Adrian Cochrane
c505076422 Fix propagation of LDB errors through TDB.
Returning a non-zero value from a tdb_traverse callback indicates that tdb_traverse
should stop traversing the database. This error code IS NOT propagated back to the
caller, so LTDB must record the error otherwise. This patch corrects LTDB for this
misunderstanding.

Naturally exposing these errors changes the behaviour of some tests. This commit fixes
that as well.

Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-04 06:08:29 +01:00
Andreas Schneider
bf10446a69 selftest: Fix Samba::bindir_path() with a valid directory.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-11-23 15:17:18 +01:00
Uri Simchoni
d451bbaee2 selftest: add test for force user and well-known primary group
Add a test for connecting to a share with a "force user" whos
primary unix gid maps to a well-known alias.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 19 23:20:36 CET 2015 on sn-devel-104
2015-11-19 23:20:36 +01:00
Christof Schmitt
f9b92cfea6 selftest: Use strict sync = yes
This enables the codepaths calling fsync for FLUSH requests during
selftest.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Nov 13 04:47:00 CET 2015 on sn-devel-104
2015-11-13 04:47:00 +01:00
Andreas Schneider
3d7fdb8dbc selftest: Start Samba AD DC as root
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05 09:23:15 +01:00
Andreas Schneider
796a05b810 selftest: Start smbd, nmbd and winbindd as root
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05 09:23:15 +01:00
Uri Simchoni
b3f3ffe35d vfs_offline: add a blackbox test
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-11-04 22:15:24 +01:00
Uri Simchoni
f9d6be3b74 selftest: Avoid system krb5.conf in "none" test env
Some torture tests do not perform Kerberos activity and do not
run against a server (hence the "none" test env), but do create
a krb5 context, and that causes the Kerberos libs to read
krb5.conf and choke if they don't understand it.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-27 00:28:34 +01:00
Uri Simchoni
8d3106b1a4 selftest: Avoid system krb5.conf in some test envs that don't use kerberos
Some test envs don't use kerberos (e.g. nt4_dc). However, the client
tools are built with Kerberos support and may get upset if hitting
a krb5.conf file they don't understand.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-27 00:28:34 +01:00
Uri Simchoni
63c891938a selftest: Avoid system krb5.conf in testenv provisioning
Some provisioning commands don't necessarily need a krb5.conf,
but they still must cause samba's Kerberos libraries to avoid
looking at the system krb5.conf, as this file may not be understood
by samba's Kerberos libs and fail the env provisioning.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-27 00:28:34 +01:00
Andrew Bartlett
0d962e010e selftest: Confirm a demote of a real network works
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 26 08:17:47 CET 2015 on sn-devel-104
2015-10-26 08:17:47 +01:00
Andrew Bartlett
97577fd088 Add samba4.smb2.create.mkdir-dup(ad_dc_ntvfs) as flapping
This test sometimes succeeds, depending on the build environment.

(Corrects earlier patch to also remove from knownfail)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
d7cc5d459c Add samba4.smb2.create.mkdir-dup(ad_dc_ntvfs) as flapping
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-23 22:27:30 +02:00
Andrew Bartlett
751ea346bc selftest: Correct comment about MAX_WRAPPED_INTERFACES
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-20 20:22:22 +02:00
Jeremy Allison
8bcbb6fb16 s3: test: Fix standalone valid users fileserver test.
Test was originally added for bug #11320. At the time
I remarked the only way I could get this to reproduce
the issue was to use "+WORKGROUP\userdup" instead of
just "+userdup" (which was the actual problem reported),
but I didn't investigage enough to discover the underlying
problem which is actually bug:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

(lookup_names() logic for unqualified (no DOMAIN\
component) names is incorrect). On a standalone
fileserver "WORKGROUP\name" should not resolve,
but "NETBIOS-NAME\name" and just "name" should.

This corrects the test now that lookups for unqualified
names are now being done correctly.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Oct 15 22:58:54 CEST 2015 on sn-devel-104
2015-10-15 22:58:54 +02:00
Jeremy Allison
808f29cb2f s4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.
https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Oct 14 19:00:03 CEST 2015 on sn-devel-104
2015-10-14 19:00:03 +02:00
Jeremy Allison
969d043596 s4: torture: Test mkdir race condition.
Found by Max of LoadDynamix <adx.forum@gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 24 06:13:22 CEST 2015 on sn-devel-104
2015-09-24 06:13:22 +02:00
Ralph Boehme
b9c561273b selftest: add change notify = no to simpleserver env
A subsequent patch will use this env in a torture test.

The aren't any existing tests that make use of change notify, so
disabling change notify in this test environment doesn't impact existing
tests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-31 12:50:13 +02:00
Andrew Bartlett
336d41155e python/tests: Add tests for integer overflow handling
This also documents an issue with our python bindings and lists, as changes to integers in a list
of integers are not preserved

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-24 23:46:22 +02:00
Andrew Bartlett
dc2d5ccd56 Revert "ldb-samba: Implement transitive extended matching"
This reverts commit 2a22ba34cd.

selftest/knownfail entries are added to ensure 'make test' continues to pass

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10493

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-17 17:43:36 +02:00
Ralph Boehme
7258061e5e s4:torture:vfs_fruit: add a test for stream names
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11278

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-07 09:52:13 +02:00
Jeremy Allison
3c0f9340e6 tests: Add regression test for s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 30 00:36:14 CEST 2015 on sn-devel-104
2015-07-30 00:36:14 +02:00
Andrew Bartlett
e0fa42201b selftest: Add knownfail entry required to disable tombstone_reanimation
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 20 09:21:33 CEST 2015 on sn-devel-104
2015-07-20 09:21:33 +02:00
Andreas Schneider
1f90bb6049 selftest: Add test for the dfree command
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 17 22:09:34 CEST 2015 on sn-devel-104
2015-07-17 22:09:33 +02:00
Andreas Schneider
d2cbb5f65f selftest: Do not lookup the realm with Kerberos
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-07-17 01:38:15 +02:00
Stefan Metzmacher
7605c5d6e8 selftest/Samba4: setup forest UPN and SPN namespaces for ad_dc and fl2008r2dc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Stefan Metzmacher
90956d6088 selftest/Samba4: setup trusts between forest:fl2008r2dc/ad_dc and externl:fl2003dc/ad_dc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Stefan Metzmacher
70cea2b85c s4:rpc_server/netlogon: implement NETLOGON_CONTROL_{QUERY,REDISCOVER,TC_QUERY,TC_VERIFY,CHANGE_PASSWORD}
We pass NETLOGON_CONTROL_{REDISCOVER,TC_QUERY,TC_VERIFY,CHANGE_PASSWORD} to
winbindd and do the hard work there, while we answer NETLOGON_CONTROL_QUERY
directly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Stefan Metzmacher
c57fef89e1 s4:rpc_server/netlogon: implement dcesrv_netr_ServerTrustPasswordsGet()
We just need to call dcesrv_netr_ServerGetTrustInfo() and ignore trust_info.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:21 +02:00