IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We have some tests that are not only known to fail, but which are
intended to fail.
For example, to quote selftest/knownfail.d/dns:
> # These tests are expected to fail because we want to ensure that
> # unauthenticated updates are not permitted against the default
> # configuration, nor against an RODC
In contrast to selftest/knownfail.d/uac_objectclass_restrict, which
says:
> # All these tests need to be fixed and the entries here removed
That one should stay in selftest/knownfail.d.
Some files are mixed. For example, there are lines in
selftest/knownfail.d/smb1-tests which were added in *commits* that say
> We also need to add a knownfail (which will not be removed) for the
> new test which will fail in smb1 envs
but it is not clear to me that the whole file is expected to always
fail.
By moving some knownfails here, we allow selftest/knownfail.d to be a
bit more like a TODO list, containing things that actually constitute
failure.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is the version we test with in CI after the image update
in the next commit. This addresses the issues that were
fixed in CVE-2022-37967 (KrbtgtFullPacSignature) and ensures
that Samba builds against the MIT version that allows us to
avoid that attack.
The hooks to allow these expectations to be disabled in the tests
are kept for now, to allow this to be reverted or to test
older servers.
With MIT 1.21 as the new test standard for the MIT KDC build
we update the knownfail_mit_kdc - this was required regadless
after the CI image update.
Any update to the CI image, even an unrelated one, brings in
a new MIT Krb5, version 1.21-3 in this case. This has new
behaviour that needs to be noted in the knownfail files or
else the tests, which haven't changed, will fail and
pipelines won't pass.
(The image generated by the earlier bootstrap commit brought
in krb5-1.21-2 which was buggy with CVE-2023-39975)
Further tweaks to tests or the server should reduce the number
of knownfail entries, but this keeps the pipelines passing for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
For now we allow build warnings and only do some basic testing.
We also ignore timestamp related problems, as well as some charset
failures.
Over time we should try to address the situation by not allowing warnings
and verify if expected failures are harmless or not.
But it's already much better then having no 32bit testing at all!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Nov 24 12:05:26 UTC 2022 on sn-devel-184
We need to pass --mitkrb5 to selftest.pl in all cases we use
system mit kerberos not only when we also test the kdc.
We can't use a replay cache in selftest verifies the stat.st_uid
against getuid().
BTW: while debugging this on ubuntu 22.04 I exported
KRB5_TRACE="/dev/stderr", which means we get tracing into
the servers log file and into selftest_prefix/subunit for the client...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
==9542==AddressSanitizer: failed to intercept 'crypt'
==9542==AddressSanitizer: failed to intercept 'crypt_r'
[..]
AddressSanitizer:DEADLYSIGNAL
=================================================================
==29768==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x7ffcec4bf3c0 sp 0x7ffcec4beb58 T0)
==29768==Hint: pc points to the zero page.
==29768==The signal is caused by a READ memory access.
==29768==Hint: address points to the zero page.
#0 0x0 (<unknown module>)
#1 0x7f052cca4129 in crypt_crypt_impl /usr/src/debug/python310-core-3.10.6-3.1.x86_64/Modules/_cryptmodule.c:44
We would need to build python without --as-needed as we can't so that
we need to preload the library to avoid a segfault.
See also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98669
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
There is no need to specify the enctype and it isn't supported with MIT
Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This also addresses CVE-2020-17049.
MIT Kerberos 1.20 is in pre-release state at the time writing this commit. It
will be released in autumn 2022. We need to support MIT Kerberos 1.19 till
enough distributions have been released with MIT Kerberos 1.20.
Pair-Programmed-With: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is the big switch to use samba-dcerpcd for the RPC services in
source3/. It is a pretty big and unordered patch, but I don't see a
good way to split this up into more manageable pieces without
sacrificing bisectability even more. Probably I could cut out a few
small ones, but a major architechtural switch like this will always be
messy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
With glibc 2.34 we are not able to talk to the DNS server via socket_wrapper
anymore. The res_* symbols have been moved from libresolv to libc. We are not
able to intercept any traffic inside of libc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This avoid shipping untested code and aligns with the version
used in GitLab CI for all the MIT builds.
The "bronze bit" (CVE-2020-17049) security fixes will need
a new MIT KDB version in any case, this prepares the ground
by removing the older version support.
(knownfail_mit_kdc updates taken from a patch by
Andreas Schneider <asn@samba.org> that did this optionally)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Add a heimdal kerberos specific known fail, will be needed by subsequent
commits.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a MIT kerberos specific known fail, will be needed by subsequent
commits.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
remove the skip file and the code to use it from the build as
all tests now run in either specific smb1 enabled envs or normal
(non smb1) envs
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Exclude the tests specified in the file 'skip_smb1_fails' which
contains the list of tests that would fail if min protocol >= SMB2_02
Note: a subsequent commit will change the default min protocol so
in order to maintain bisectability we skip the tests before
we change the default.
Signed-off-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
For now I'll leave it arround for others I haven't tested.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 27 10:39:32 UTC 2020 on sn-devel-184
Disable the RTLD_DEEPBIND option for dlopen in LDB and Socket Wrapper when
running with AddressSanitizer. The RTLD_DEEPBIND option is not compatible
with Address Sanitizer see
https://github.com/google/sanitizers/issues/611
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 16 15:41:41 UTC 2019 on sn-devel-184
This hooks up the selftest/ns/* scripts added earlier with the selftest
system, so developers can optionally run a testenv or test using linux
namespaces instead of socket-wrapper.
The idea is this is experimental functionality that we can extend
further in future, in order to make testing Samba more versatile.
+ The top-level WAF script now does an 'unshare' to create a new
top-level 'selftest' namespace in which to create the testenv(s).
+ selftest.pl creates a common 'selftest0' bridge to connect together
the individual DCs.
+ Update Samba.pm so it can use real IPs instead of loopback addresses.
In fork_and_exec(), we add a couple of hooks so that the binary gets
started in a different namespace (using unshare/start_in_ns.sh), and
the parent process connects the new child namespace up to the common
selftest0 bridge (using add_bridge_iface.sh).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a --undefined-sanitizer option to configure, this causes the tests
to be run with the undefined behaviout sanitizer enabled.
Errors can be suppressed by adding entries to selftest/ubsan.supp
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 14 07:20:28 UTC 2019 on sn-devel-184
We want to enable gcov for all tasks, move it to global wscript.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The extra_python support was added to aid the python3 transition
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The build farm is no longer used, so we can remove checks for this
environment variable in the selftest code.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Previously we were only checking samba compiled OK with
--disable-python, not that it actually ran.
The main problem is all the make test framework is based around
subunit/smbtorture, neither of which we seem to build with
disable-python. However, for just a simple sanity-check, we can just
bypass all the subunit-filter work and just call the Perl code directly.
This works OK as long as it's just simple shell script tests that we're
running, as we can check the script's exit code directly.
The main thing that we really want to test is that we can start up the
smbd testenv and connect to it (i.e. a simple smbclient test).
This patch adds a new 'make test-nopython' target. This disables the
subunit filtering, and runs a small test-list that was generated manually.
Note that currently this has the limitation that it doesn't support known
failures or flapping tests. However, just checking that smd starts up OK
is probably OK for now.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 20 02:10:00 CET 2019 on sn-devel-144
Lots of test scripts need to run with the correct version
of python. With the correct shebang the script should run with the
correct version, the problem is that not all scripts are part
of the installation, some scripts are part of the source code,
and the shebang is not dynamically generated as yet.
It is safer if we are somewhat version neutral at the moment and
ignore the shebang and always run scripts from the test environment
with the python version (determined by PYTHON env variable) If this
env variable isn't set then set it according to the python version
that is running the tests
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Recent GCC versions enforce that the library must be in LD_PRELOAD if linked to a plugin
(like a python module).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Many perl scripts in the codebase are executables with a
"/usr/bin/perl" shebang. Running them as executables is not
portable as some OS's have a different location for the perl
interpreter.
During the configuration process, waf finds the location of the perl
interpreter. Some or all invocations of perl scripts from within
test environment setup code are actually "$PERL <script>",
but since PERL env var is typically not set, this amounts to the
unportable "<script>", which invokes /usr/bin/perl.
This patch exports the location of perl as found by the configuration
process to the test environment, causing "$PERL <script>" to be
"<correct place of perl interpreter> <script>".
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This makes it easier to add a temporary knownfail to cover a patch
series.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 3 13:55:41 CEST 2017 on sn-devel-144
These previously only ran if the develper was using EXTRA_PYTHON in their
OS environment
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 20 02:26:33 CEST 2017 on sn-devel-144
This makes it easier to use with common web-based graphing systems.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This can be used to override the default test lists used by
`make test` and `make perftest`. This tests can either be
programmatically generated (as is done for the defaults -- see
selftest/tests.py for an example), or from a static list. For the
generated lists, append a pipe symbol:
make test TEST_LIST='/bin/sh /tmp/tests.sh|'
and omit the pipe for a static list:
make test TEST_LIST='/tmp/tests.txt'
There are likely other useful modes of operation -- see `perldoc open`
for the wondrous details.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This runs a selection of subunit tests and reduces the output to only
the time it takes to run each test.
The tests are listed in selftest/perf_tests.py.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
