1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

813 Commits

Author SHA1 Message Date
Andreas Schneider
2120b21587 testprogs: Reformat test_ktpass.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_ktpass.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug  4 13:49:54 UTC 2022 on sn-devel-184
2022-08-04 13:49:54 +00:00
Andreas Schneider
faf8c190b4 testprogs: Reformat test_kpasswd_mit.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_kpasswd_mit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
9d1cf12da1 testprogs: Reformat test_kpasswd_heimdal.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_kpasswd_heimdal.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
a68d75f9c1 testprogs: Reformat test_kinit_trusts_mit.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_kinit_trusts_mit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
ce97396ecb testprogs: Reformat test_kinit_trusts_heimdal.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_kinit_trusts_heimdal.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
8c19e475aa testprogs: Reformat test_kinit_mit.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_kinit_mit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
da0049b01d testprogs: Reformat test_kinit_heimdal.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_kinit_heimdal.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
848bf1bf59 testprogs: Reformat test_export_keytab_mit.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_export_keytab_mit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
708582deef testprogs: Reformat test_export_keytab_heimdal.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_export_keytab_heimdal.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
fcdcad8781 testprogs: Reformat test_client_kerberos.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_client_kerberos.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
2c8681cca7 testprogs: Reformat test_client_etypes.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_client_etypes.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
f222b2a229 testprogs: Reformat test_chgdcpass.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_chgdcpass.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
561e925655 testprogs: Reformat subunit.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/subunit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
de6335d47a testprogs: Reformat schemaupgrade.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/schemaupgrade.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
a59460d279 testprogs: Reformat runtime-links.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/runtime-links.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
7b4e06d225 testprogs: Reformat renamedc.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/renamedc.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
d0f2791830 testprogs: Reformat nsstest.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/nsstest.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
084bddcf10 testprogs: Reformat ldapcmp_restoredc.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/ldapcmp_restoredc.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
65b3797352 testprogs: Reformat join_ldapcmp.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/join_ldapcmp.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
f2591ff727 testprogs: Reformat functionalprep.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/functionalprep.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
91035d48f2 testprogs: Reformat dom_parse.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/dom_parse.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
eab5cdb66f testprogs: Reformat dfree.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/dfree.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
9bc3ba8f37 testprogs: Reformat demote-saveddb.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/demote-saveddb.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 12:56:37 +00:00
Andreas Schneider
0cdd204693 testprogs: Reformat dbcheck.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/dbcheck.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Aug  4 10:11:30 UTC 2022 on sn-devel-184
2022-08-04 10:11:30 +00:00
Andreas Schneider
ae3452244d testprogs: Reformat dbcheck-oldrelease.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/dbcheck-oldrelease.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 09:11:29 +00:00
Andreas Schneider
9757229b2b testprogs: Reformat dbcheck-links.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/dbcheck-links.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-04 09:11:29 +00:00
Joseph Sutton
3029d9bf35 CVE-2022-2031 testprogs: Add test for short-lived ticket across an incoming trust
We ensure that the KDC does not reject a TGS-REQ with our short-lived
TGT over an incoming trust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Andreas Schneider
a8068e32a0 CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Andreas Schneider
4c12840e42 testprogs: Reformat common_test_fns.inc
shfmt -w -p -i 0 -fn testprogs/blackbox/common_test_fns.inc

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Jul 20 11:59:26 UTC 2022 on sn-devel-184
2022-07-20 11:59:26 +00:00
Andreas Schneider
88c1173655 testprogs: Reformat common-links.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/common-links.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-07-20 11:09:36 +00:00
Andreas Schneider
30215a8a21 testprogs: Reformat bogus.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/bogus.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Fri Jul 15 13:00:30 UTC 2022 on sn-devel-184
2022-07-15 13:00:30 +00:00
Andreas Schneider
e9e5b3ae0f testprogs: Fix auth with smbclient and krb5 ccache
--use-kerberos=required will ask the user to provide a username and
password to do a kinit. The test will open a password prompt in this
case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-06-22 10:53:36 +00:00
Samuel Cabrero
b7810f03ff selftests: Convert "net ads dns async" test to python
The current test uses the dig tool from bind9 but this tool has been
rewritten in 9.17.7 to use bind's netmgr functions instead of isc_socket
(commit 94b7988efb0f9b96415dd2966e6070450d960263).

The problem is that these 'netmgr' functions use libuv internally, and, on
systems supporting it, they end up using the sendmmsg() syscall which is not
catched by socket wrapper so the test fails.

This commit converts the test to python and uses the dnspython module
instead of the dig tool. Backtraces follow as reference.

Backtrace from dig v9.16.28 (working):

 #0  0x00007ffff778edee in sendmsg () from /lib64/libc.so.6
 #1  0x00000000005e5dee in cmsgsend (s=s@entry=12, level=level@entry=0, type=type@entry=1, res=<optimized out>) at net.c:515
 #2  0x00000000005e616c in try_dscp_v4 () at net.c:623
 #3  try_dscp () at net.c:696
 #4  0x00007ffff7708ad7 in __pthread_once_slow () from /lib64/libc.so.6
 #5  0x00000000005e66d7 in initialize_dscp () at net.c:702
 #6  isc_net_probedscp () at net.c:707
 #7  0x00000000005e8460 in socket_create (manager=0x6b49c0, pf=2, type=<optimized out>, socketp=0x7ffff0012b00, dup_socket=0x0) at socket.c:2454
 #8  0x000000000043cfcd in send_udp (query=0x7ffff00129a8) at dighost.c:2897
 #9  0x000000000043f9c7 in onrun_callback (task=<optimized out>, event=<optimized out>) at dighost.c:4271
 #10 0x00000000005dfefe in task_run (task=0x6b5c70) at task.c:851
 #11 isc_task_run (task=0x6b5c70) at task.c:944
 #12 0x00000000005ca0ce in isc__nm_async_task (worker=0x6b8970, ev0=0x716250) at netmgr.c:873
 #13 process_netievent (worker=worker@entry=0x6b8970, ievent=0x716250) at netmgr.c:952
 #14 0x00000000005ca2ba in process_queue (worker=worker@entry=0x6b8970, type=type@entry=NETIEVENT_TASK) at netmgr.c:1021
 #15 0x00000000005caa43 in process_all_queues (worker=0x6b8970) at netmgr.c:792
 #16 async_cb (handle=0x6b8cd0) at netmgr.c:821
 #17 0x00007ffff7898a4d in ?? () from /lib64/libuv.so.1
 #18 0x00007ffff78b4217 in ?? () from /lib64/libuv.so.1
 #19 0x00007ffff789e40a in uv_run () from /lib64/libuv.so.1
 #20 0x00000000005ca31e in nm_thread (worker0=0x6b8970) at netmgr.c:727
 #21 0x00000000005e2315 in isc__trampoline_run (arg=0x6b7c40) at trampoline.c:198
 #22 0x00007ffff7703767 in start_thread () from /lib64/libc.so.6
 #23 0x00007ffff778dc10 in clone3 () from /lib64/libc.so.6

Backtrace from dig v9.17.7 (not working):

 #0  0x00007ffff7684480 in syscall () from /lib64/libc.so.6
 #1  0x00007ffff754aed0 in uv__sendmmsg (vlen=0, mmsg=0x0, fd=10) at src/unix/linux-syscalls.c:163
 #2  uv__udp_mmsg_init () at src/unix/udp.c:74
 #3  0x00007ffff7606ad7 in __pthread_once_slow () from /lib64/libc.so.6
 #4  0x00007ffff7541bd9 in uv_once (guard=<optimized out>, callback=<optimized out>) at src/unix/thread.c:440
 #5  0x00007ffff7539e9b in uv__udp_sendmsg (handle=0x7ffff50535b8) at src/unix/udp.c:415
 #6  uv__udp_send (send_cb=0x7ffff7a41db0 <udp_send_cb>, addrlen=<optimized out>, addr=<optimized out>, nbufs=1, bufs=0x7ffff506c720, handle=0x7ffff50535b8, req=0x7ffff506c878) at src/unix/udp.c:773
 #7  uv_udp_send (req=req@entry=0x7ffff506c878, handle=handle@entry=0x7ffff50535b8, bufs=bufs@entry=0x7ffff506c720, nbufs=nbufs@entry=1, addr=<optimized out>, send_cb=send_cb@entry=0x7ffff7a41db0 <udp_send_cb>) at src/uv-common.c:464
 #8  0x00007ffff7a42308 in udp_send_direct (peer=0x7ffff5dfa988, req=0x7ffff506c700, sock=0x7ffff5053000) at netmgr/udp.c:839
 #9  isc__nm_async_udpsend (worker=<optimized out>, ev0=0x7ffff5dfa950) at netmgr/udp.c:780
 #10 0x00007ffff7a47de7 in isc__nm_udp_send (handle=<optimized out>, region=0x7ffff5dfaa90, cb=0x555555566250 <send_done>, cbarg=<optimized out>) at netmgr/udp.c:749
 #11 0x0000555555562ac2 in send_udp (query=0x7ffff502a000) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2899
 #12 udp_ready (handle=0x7ffff5026180, eresult=ISC_R_SUCCESS, arg=<optimized out>) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2974
 #13 0x00007ffff7a37d34 in isc__nm_async_connectcb (worker=worker@entry=0x7ffff622f000, ev0=ev0@entry=0x7ffff5026480) at netmgr/netmgr.c:2704
 #14 0x00007ffff7a3ca20 in process_netievent (worker=worker@entry=0x7ffff622f000, ievent=0x7ffff5026480) at netmgr/netmgr.c:940
 #15 0x00007ffff7a3d027 in process_queue (worker=worker@entry=0x7ffff622f000, type=type@entry=NETIEVENT_NORMAL) at netmgr/netmgr.c:977
 #16 0x00007ffff7a3d203 in process_all_queues (worker=0x7ffff622f000) at netmgr/netmgr.c:733
 #17 async_cb (handle=0x7ffff622f360) at netmgr/netmgr.c:762
 #18 0x00007ffff7531a4d in uv__async_io (loop=0x7ffff622f010, w=<optimized out>, events=<optimized out>) at src/unix/async.c:163
 #19 0x00007ffff754d217 in uv__io_poll (loop=0x7ffff622f010, timeout=<optimized out>) at src/unix/epoll.c:374
 #20 0x00007ffff753740a in uv__io_poll (timeout=<optimized out>, loop=0x7ffff622f010) at src/unix/udp.c:122
 #21 uv_run (loop=loop@entry=0x7ffff622f010, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:391
 #22 0x00007ffff7a3d624 in nm_thread (worker0=0x7ffff622f000) at netmgr/netmgr.c:664
 #23 0x00007ffff7a6c915 in isc__trampoline_run (arg=0x555555599210) at /usr/src/debug/bind-9.18.2-1.1.x86_64/lib/isc/trampoline.c:187
 #24 0x00007ffff7601767 in start_thread () from /lib64/libc.so.6
 #25 0x00007ffff768bc10 in clone3 () from /lib64/libc.so.6

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun  4 00:27:29 UTC 2022 on sn-devel-184
2022-06-04 00:27:29 +00:00
Andreas Schneider
67294a23b9 testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported by MIT Kerberos
anyway.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-03-25 21:54:11 +00:00
Andreas Schneider
06da77a365 testprogs: Manually reformat test_pkinit_pac.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
970f110086 testprogs: Reformat test_pkinit_pac.sh with shfmt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
f0f47eedf7 testprogs: Rename test_pkinit_pac_heimdal.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
6a125b0ac9 testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported with MIT
Kerberos.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
c27f17df37 testprogs: Remove the usage of enctype in test_pkinit_simple.sh
This is not needed anymore and the default is AES in the meantime.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andrew Bartlett
3aa7df568b testprogs: Change from $foo to "${foo}" variable style
This is selected from and to improve the understanding of:

    testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos

    There is no need to specify the enctype and it isn't supported with MIT
    Kerberos.

    Signed-off-by: Andreas Schneider <asn@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
e172885857 testprogs: Manually reformat testit commands in test_pkinit_simple.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
a0deaed629 testprogs: Fix calculating failed in test_pkinit_simple.sh
We only want to increase it if a test is failing. If something is expected to
fail, we should not count that as failed.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
ff0b3a9ee6 testprogs: Format test_pkinit_simple.sh with shfmt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
9baac4a817 testprogs: Rename test_pkinit_heimdal.sh
We want one common test which works against Heimdal and MIT Kerberos.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
4d0ea9e3b0 testprogs: Fix kerberos_kinit with additional options
The additional options need to come before we specify the principal

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Joseph Sutton
4f1b7684ed functionalprep.sh: Add test for samba-tool add group --special
Test that we can add the special Protected Users group, and that we get
an appropriate error message when attempting to add it a second time.

We add these tests here so that we can make use of an old provision that
does not already have the Protected Users group added.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-18 11:55:30 +00:00
Joseph Sutton
b308240cb4 selftest/dbcheck: Fix up msDS-RevealedUsers links with deleted target DN
Replicating test accounts to the RODC and then deleting them caused
stale msDS-RevealedUsers links to remain in the database.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-18 11:55:30 +00:00
Andreas Schneider
d2ac90cdd5 testprogs: Add test that local krb5.conf has been created
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2022-03-16 13:28:30 +00:00
Pavel Filipenský
eb0fa26dce tests: Add test for disabling NTLMSSP for ldap client connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-01-21 23:33:36 +00:00
Volker Lendecke
afd014245a test: Prime the kpasswd server
I was getting this failure:

[102(815)/143 at 10m59s] samba4.blackbox.net_ads_dns(ad_member:local)(ad_member:local)
UNEXPECTED(failure): samba4.blackbox.net_ads_dns(ad_member:local).Adding an unprivileged user(ad_member:local)
REASON: Exception: Exception: Could not add user unprivuser. Error setting password Incorrect net address

My preliminary analysis shows that the KRB5KRB_AP_ERR_BADADDR error
message is triggered by the libkrb5 client code. I have not yet shown
this to happen with pure libkrb5, but my theory is the following:

k5_privsafe_check_addrs() fails under the following circumstances: The
kpasswd server is contacted on IPv4 and is slow to reply. After
waiting a bit, libkrb5 also tries to contact kpasswd on
IPv6. kpasswd_sendto_msg_callback() for the IPv6 request changes the
authentication context's local_addr to IPv6. Then the IPv4 request is
replied to, and then k5_privsafe_check_addrs() bails on the address
family in ac->local_addr (IPv6) vs the one received and via the IPv4
connection.

libkrb5's src/lib/krb5/os/changepw.c has this comment:

    /*
     * TBD:  Does this tamper w/ the auth context in such a way
     * to break us?  Yes - provide 1 per conn-state / host...
     */

I think we're hit by this.

This patch hacks around the situation by priming the kpasswd server
without error checking. If the initial v4 request is quick enough
because the kpasswd server is already started up properly, everything
works flawlessly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Andreas Schneider
492fd5b00f testprogs: Add rpcclient schannel tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-02 13:59:31 +00:00
Douglas Bagnall
6ced906e2b test/blackbox/test_samba-tool_ntacl: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-11-17 04:36:37 +00:00
Douglas Bagnall
55752c12cf CVE-2020-25722 blackbox/upgrades tests: ignore SPN for ldapcmp
We need to have the SPNs there before someone else nabs them, which
makes the re-provisioned old releases different from the reference
versions that we keep for this comparison.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Andreas Schneider
5c6640470a testprogs: Use new cmdline option for kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-10-28 12:32:35 +00:00
Andrew Bartlett
a7ad665e65 selftest/dbcheck: Fix up RODC one-way links (use correct dbcheck rule)
The previous commit was correct on intention, but it was not noticed
as there is a race, that the incorrect rule was appended to.

These links are removed by remove_plausible_deleted_DN_links not
fix_all_old_dn_string_component_mismatch

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 15 10:00:47 UTC 2021 on sn-devel-184
2021-10-15 10:00:47 +00:00
Joseph Sutton
40e5db4aab selftest/dbcheck: Fix up RODC one-way links
Test accounts were replicated to the RODC and then deleted, causing
state links to remain in the database.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Ralph Boehme
fdfc475000 selftest: fix ---configfile option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-09-10 15:10:30 +00:00
Günther Deschner
7938d94d12 s4-selftest: add net offlinejoin tests
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul 14 17:38:21 UTC 2021 on sn-devel-184
2021-07-14 17:38:21 +00:00
Andreas Schneider
a5012df861 selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-07 14:10:29 +00:00
Isaac Boukris
194d726a80 selftest: Fix "outgoing" test in kinit_trust heimdal
Found by the test not failing in one-way trust.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-07 14:10:29 +00:00
Andreas Schneider
8d71afb4e6 testprogs: Show that DOM\user and REALM\user work for auth
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-07 14:10:28 +00:00
Andreas Schneider
4b2b5c8f68 testprogs: Rename TRUST_CREDS variables in test_trust_utils.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-07 14:10:28 +00:00
Stefan Metzmacher
7c3bb491ba testprogs: Consistantly use kinit -c $KRB5CCNAME
We want to be really clear which credentials cache we use.

The kerberos_kinit() shell function uses this internally.

-c is the common option between MIT and Heimdal, and is
equivilant to --cache

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  5 23:51:43 UTC 2021 on sn-devel-184
2021-07-05 23:51:43 +00:00
Andrew Bartlett
bbff4f5e6b testprogs/blackbox: Remove joined dc for ldapcmp
We don't need this DC once the ldapcmp is over, and it avoids
the running DC spamming the logs looking for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2021-06-21 00:58:31 +00:00
Andreas Schneider
4b4fd5340a testprogs: Add smbtorture tests with new options
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-16 00:34:38 +00:00
Andreas Schneider
092d26af6a s4:torture: Pass the pkinit ccache via a torture variable
Mixing -Uuser%password and --krb5-ccache doesn't really work on the
cmdline as -U overwrited the ccache.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-16 00:34:38 +00:00
Andreas Schneider
c01213471f testprogs: Use new kerberos options for smbclient(4) tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-16 00:34:38 +00:00
Andreas Schneider
db876e95b5 testprogs: Remove --debuglevel from test_kinit_trusts_mit.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-16 00:34:38 +00:00
Joseph Sutton
c6b2846c9d testprogs: Test that dns.keytab is created after a dns upgrade
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-11 07:41:38 +00:00
Andreas Schneider
ea071d278a s3:utils: Use connection and credentials parser in net util
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-05-28 02:55:31 +00:00
Andreas Schneider
7fa1ae04df testprogs: Add additional rpcclient tests for new cmdline options
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-05-20 02:58:36 +00:00
Andreas Schneider
ba7c2cee9d testprogs: Rename test_rpc_getusername_legacy()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-05-20 02:58:36 +00:00
Andreas Schneider
ff7d4a65ca testprogs: Add more smbclient kerberos tests for new cmdline options
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-05-20 02:58:36 +00:00
Andreas Schneider
08434e413f testprogs: Add test for offline logon support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-05-12 20:29:32 +00:00
Andreas Schneider
f291b8f157 tests: Use --configfile instead of -s
We should use long options in tests to make clear what we are trying to
do.

Also the -s short option will be removed for --configfile later.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Andreas Schneider
86f7bc7a37 testprogs: Use --suppress-prompt instead of -s for testparm
We should use long options in tests to make clear what we are trying to
do.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Andreas Schneider
fca9c56836 tests: Use ldbsearch '--scope instead of '-s'
We should use long options in tests to make clear what we are trying to
do.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Andrew Bartlett
4367eeb778 selftest: Improve test names in kinit test for improved debugging
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-04-20 11:42:37 +00:00
Stefan Metzmacher
467cfaf852 testprogs:blackbox: create temporary files under $PREFIX/SELFTEST_TMPDIR
Tests should not create files in the build nor the source directory!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-04-13 08:23:35 +00:00
Andrew Bartlett
da627106cd dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones
These reports (about recently deleted objects)
create concern about a perfectly normal part of DB operation.

We must not operate on objects that are expired or we might reanimate them,
but we must fix "Deleted Objects" if it is wrong (mostly it is set as being
deleted in 9999, but in alpha19 we got this wrong).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb  3 05:29:11 UTC 2021 on sn-devel-184
2021-02-03 05:29:11 +00:00
Andrew Bartlett
1ec1c35a3a selftest: Confirm that we fix any errors on the Deleted Objects container itself
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-02-03 04:19:36 +00:00
Björn Jacke
98caa173b2 tests: also test net ads dns (un)register with IPv6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-23 12:45:35 +00:00
Björn Jacke
f30e100b39 tests: also test v6 for async dns test by using dig
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-23 12:45:35 +00:00
Björn Baumbach
98119189cf blackbox/test_samba-tool_ntacl.sh: script requires two arguments
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17 13:59:37 +00:00
Andreas Schneider
39536286d4 testprogs: Fix MIT KRB5 export keytab with > 1.18
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 21 00:11:02 UTC 2020 on sn-devel-184
2020-11-21 00:11:02 +00:00
Stefan Metzmacher
40079975f7 testprogs/blackbox: make sure subunit.sh always terminates DETAILS with '\n]\n'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-11-11 21:14:32 +00:00
Andreas Schneider
1432d225b0 testprogs: Fix and improve upgradeprovision-oldrelease test
This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 22 17:28:39 UTC 2020 on sn-devel-184
2020-10-22 17:28:39 +00:00
Andreas Schneider
32305d607f testprogs: Fix and improve dbcheck-oldrelease test
This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-22 16:05:31 +00:00
Andreas Schneider
28720d66df testprogs: Fix and improve functionalprep test
This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-22 16:05:31 +00:00
Andreas Schneider
d8fe4315c8 testprogs: Fix and improve dbcheck-links test
This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-22 16:05:30 +00:00
Andreas Schneider
a9765084f1 testprogs: Fix and improve runtime-links test
This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-22 16:05:30 +00:00
Andreas Schneider
e4194355f4 testprogs: Fix and improve tombstones-expunge test
This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-22 16:05:30 +00:00
Andreas Schneider
e58ccdaa1a testprogs: Fix and improve demote-saveddb test
This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-22 16:05:30 +00:00
Andreas Schneider
3770f28c62 testprogs: Add remove_directory to common test functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-22 16:05:30 +00:00
Samuel Cabrero
ed625d6694 tests: Disable kerberos for weak crypto test
Otherwise the test fails because the client is authenticated using
spnego and gse_krb5, not triggering the weak crypto restrictions.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184
2020-09-17 00:05:51 +00:00
Isaac Boukris
08909e66ef Revert "selftest: add tests for net-ads over TLS"
As we are removing the option.

This reverts commit 10f61cd39b.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14462

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-11 09:32:34 +00:00
Jeremy Allison
156f1dfc39 s4: tests: Add new async DNS unit test - samba4.blackbox.net_ads_dns_async(ad_member:local).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-07 06:34:36 +00:00
Isaac Boukris
0739983179 Add a test with old msDS-SupportedEncryptionTypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-07-28 12:40:26 +00:00
Isaac Boukris
10f61cd39b selftest: add tests for net-ads over TLS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-07-13 10:41:37 +00:00
Sachin Prabhu
31d187be0f s4:selftest: test for smbtorture subunit names with and without --fullname
We check the output with both --fullname and with the default shortname
to ensure it works as expected.

We also do tests for each level and test relative names are used.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User((no branch)): Stefan Metzmacher <metze@samba.org>
Autobuild-Date((no branch)): Tue Jul  7 12:16:34 UTC 2020 on sn-devel-184
2020-07-07 12:16:34 +00:00