1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

943 Commits

Author SHA1 Message Date
Pavel Filipenský
ad6a91ba74 testprogs: Remove alias test from test_net_ads.sh
"net ads keytab create" no longer reads msDS-AdditionalDnsHostName from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
abbf926067 testprogs: Remove dnshostname related test from test_net_ads.sh
"net ads keytab create" no longer reads dNSHostName from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
2304d96db3 testprogs: Use "HOST' instead of 'host' in test_net_ads.sh
"net ads keytab create" will uses the same value as in AD,
modifications to lower case are no longer done

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
18aedcc84c testprogs: Remove upn related test from test_net_ads.sh
"net ads keytab create" will no longer read "userPrincipalName" from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
d18babd1d7 testprogs: Remove "keytab add", "keytab delete" and "keytab add_apdate_ads" related tests from test_net_ads.sh
"net ads" will no longer support "keytab add", "keytab delete" and "keytab add_apdate_ads"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Stefan Metzmacher
db2c576f32 testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos
This shows that they are ignored for machine accounts as domain member.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-06-19 09:07:36 +00:00
Stefan Metzmacher
cda8beea45 testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-06-19 09:07:36 +00:00
Stefan Metzmacher
bdfbf25255 test_kinit_export_keytab: reset pw of the test account and test --only-current-keys
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 22 04:07:02 UTC 2024 on atb-devel-224
2024-05-22 04:07:02 +00:00
Stefan Metzmacher
bb8b7be74a s3:libads: let ads_sasl_spnego_bind() really use spnego to negotiate krb5/ntlmssp
For now we still do the ads_kinit_password() in ads_legacy_creds()
for callers that rely on the global krb5ccache to be filled.

E.g. the dns update code and the kpasswd code.

But at least ads_connect_internal() and ads_sasl_spnego_bind()
will allow to do the kinit in the gensec layer only if needed...

We'll remove ads_legacy_creds() during the following commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-05-14 10:18:31 +00:00
Stefan Metzmacher
1474f9c5de testprogs/blackbox: add better testnames in test_weak_disable_ntlmssp_ldap.sh
This makes it easier to adjust the expected output when it changes in
the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-05-14 10:18:31 +00:00
Stefan Metzmacher
3ea605d8af blackbox/test_kinit.sh: verify that --use-krb5-ccache= works without KRB5CCNAME
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-05-14 10:18:31 +00:00
Stefan Metzmacher
e6be6fa948 blackbox/test_net_ads_search_server: also test ldaps/starttls
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Andrew Bartlett
9d7a97dc98 samba-tool domain exportkeytab: Refuse to overwrite an existing file in full-db export
Since 87f67d3369 samba-tool domain exportkeytab has
silently unlinked the given target file.  Instead, the administrator now needs
to specify a file that does not exist.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 22:06:40 +00:00
Andrew Bartlett
02f18a88da selftest: Ignore msKds-DomainID in ldapcmp_restoredc.sh and samba.tests.domain_backup_offline
Like serverReferenceBL etc, this will point to a DC that created the object, and
as part of the backup and restore, this DC will be deleted.  It is just for
tracking the object creation, so this is fine.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 00:19:45 +00:00
Jo Sutton
059cb760b0 testprogs:blackbox: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Stefan Metzmacher
97e4aab1a6 CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16 14:39:33 +00:00
Joseph Sutton
208f452e80 testprogs: Fix script usage lines
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Stefan Metzmacher
62af25d44e nsswitch: add test for pthread_key_delete missuse (bug 15464)
This is based on https://bugzilla.samba.org/attachment.cgi?id=18081
written by Krzysztof Piotr Oledzki <ole@ans.pl>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-14 17:56:30 +00:00
Samuel Cabrero
f3c632e74b testprogs: Add net offlinejoin composeodj tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep  5 22:11:46 UTC 2023 on atb-devel-224
2023-09-05 22:11:46 +00:00
Samuel Cabrero
e92e4b9544 testprogs: Cleanup machine account in net offlinejoin tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Andreas Schneider
a7ed7405af testprogs: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-14 21:45:30 +00:00
Joseph Sutton
1fc549ae39 testprogs: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Jule Anger
4516fee9b5 testprogs/blackbox: add test_ldap_tls_reload.sh
This tests the reload (and if needed regeneration) of
tls certificates.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-25 20:04:29 +00:00
Stefan Metzmacher
91eb3f1d22 testprogs/blackbox: add --recursive tests to test_samba-tool_ntacl.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 22 00:22:47 UTC 2023 on atb-devel-224
2023-06-22 00:22:47 +00:00
Stefan Metzmacher
11741791cc testprogs/blackbox: move 'ntacl get' out of test_changedomsid() in test_samba-tool_ntacl.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 23:24:37 +00:00
Stefan Metzmacher
619f097b7d testprogs/blackbox: pass $CONFIGURATION to test_samba-tool_ntacl.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 23:24:37 +00:00
Stefan Metzmacher
c95813374a testprogs/blackbox: also raise the levels to 2012_R2/2016 in functionalprep.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Stefan Metzmacher
d2777d47d1 testprogs/blackbox: also prepare for to 2016 (schema=2019) in functionalprep.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Andreas Schneider
457a83e7ab testprogs: Do not export UID_WRAPPER_ROOT in test_kpasswd_heimdal.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-16 20:28:30 +00:00
Andreas Schneider
b41ff81a78 testprogs: Do not export UID_WRAPPER_ROOT in test_kpasswd_mit.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-16 20:28:29 +00:00
Andreas Schneider
ea566a825a testprogs: Do not export UID_WRAPPER_ROOT in test_pdbtest.sh
We already set root for smbpasswd.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-16 20:28:29 +00:00
Andreas Schneider
579182372a testprogs: Do not export UID_WRAPPER_ROOT in test_net_ads_dns.sh
There is not need for root here.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-16 20:28:29 +00:00
Andreas Schneider
1fb0b3684e testprogs: Do not export UID_WRAPPER_ROOT in test_samba-tool_ntacl.sh
There is not need for root here.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-16 20:28:29 +00:00
Andreas Schneider
3b612dc64a testprogs:subunit: Fix integer comparisons
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-16 20:28:29 +00:00
Andreas Schneider
e4b77dc38b testprogs:subunit: Fix assigning an array to a string
$@ is an array and we want a string.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-16 20:28:29 +00:00
Pavel Filipenský
076d852467 testprogs: Add test_alias_membership
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Noel Power
d36bab52d0 s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
prior to this patch rights matching "FA", "FR", "FW", "FX" were
outputted as the hex string representing the bit value.

While outputting the hex string is perfectly fine, it makes it harder
to compare icacls output (which always uses the special string values)

Additionally adjust various tests to deal with use of shortcut access masks
as sddl format now uses FA, FR, FW & FX strings (like icalcs does) instead
of hex representation of the bit mask.

adjust
  samba4.blackbox.samba-tool_ntacl
  samba3.blackbox.large_acl
  samba.tests.samba_tool.ntacl
  samba.tests.ntacls
  samba.tests.posixacl

so various string comparisons of the sddl format now pass

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

[abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex
 numbers, eg 0x001]
2023-04-28 02:15:36 +00:00
Douglas Bagnall
75a089dc46 test:bb/samba-tool ntacl: let return acl flag lack hex padding
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Pavel Filipenský
31418f95d3 testprogs: Set PREFIX_ABS before it is used in test_primary_group.sh
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 14 06:18:18 UTC 2023 on atb-devel-224
2023-04-14 06:18:18 +00:00
Joseph Sutton
f407b3ec0d testprogs: Return correct status code
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
23d2c9cb72 testprogs: Make test_rpcclient_expect_failure_grep() return 0 on success
This is more consistent with the behaviour of the other expect_failure
functions.

Adjust all callers expecting the opposite behaviour to match.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
dfb088aaed testprogs: Return correct status code
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
b62b0bd64b testprogs: Make test_smbclient_expect_failure() return 0 on success
This is the behaviour that most existing callers expect, but the
function actually returns a non-zero status code in that case.

Adjust all callers expecting the opposite behaviour to match.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
833cefe8ee testprogs: Make testit_expect_failure() return 0 on success
This is the behaviour that most existing callers expect, but the
function actually returns a non-zero status code in that case.

Adjust all callers expecting the opposite behaviour to match.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
b1df85e7d3 testprogs: Fix comparison
SC2039: In POSIX sh, == in place of = is undefined.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Andreas Schneider
484bf9c49a testprogs: Remove unused test_export_keytab_(heimdal|mit).sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr  6 14:47:20 UTC 2023 on atb-devel-224
2023-04-06 14:47:20 +00:00
Andreas Schneider
d9a9cb0396 testprogs: Merge export keytab tests into a single script for MIT and Heimdal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-06 13:45:35 +00:00
Andreas Schneider
deb9d1f656 testprogs: Fix shell arithmetic in test_export_keytab_mit.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-06 13:45:35 +00:00
Andreas Schneider
245990998f testprogs: Reformat test_export_keytab_mit.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-06 13:45:35 +00:00
Andreas Schneider
e560cf8ae1 testprogs: Fix shell arithmetic in test_export_keytab_heimdal.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-06 13:45:35 +00:00