1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

428 Commits

Author SHA1 Message Date
Andreas Schneider
e2c0fd36ba blackbox: Add test for 'net ads changetrustpw'
BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144
2017-08-11 22:09:27 +02:00
Stefan Metzmacher
1e33a4f211 testprogs/blackbox: don't use hardcoded values in test_net_ads_dns.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-13 22:46:14 +02:00
Andreas Schneider
1e5797d19c testprogs: Add 'net rpc user' test against AD DC
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-05-11 20:30:12 +02:00
Christof Schmitt
0b1ba00b00 testprogs: Ignore escape characters when printing test name
Long story: This was triggered by the addition of the test_trust_ntlm.sh
script in commits 3caca9b and 2de1994. test_trust_ntlm.sh creates a
variable CREDS="$REALM\\$USERNAME%$PASSWORD" that is then used as part
of the test name. subunit.sh uses echo to print the name that is then
picked up by subunithelper.py. test_trust_ntlm.sh also uses /bin/sh as
shell which can be a POSIX compliant shell like dash.

This combination broke 'make test' for any username starting with the
letter c. In this case CREDS contains the escape sequence \c that is
defined to stop producing further output at this point. dash implements
this feature and the echo in subunit.sh as a result skips the output
after \c, including skipping the newline. This means that the data
received by subunithelper.py contains the timestamp from the next line
in the test name, which then breaks the testcase tracking.

Fix this by replacing the echo in subunit.sh with a printf that does not
trigger the special handling of escape characters.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May  5 23:44:16 CEST 2017 on sn-devel-144
2017-05-05 23:44:16 +02:00
Andreas Schneider
c5113138a9 testprogs: Add MIT Kerberos specific kpasswd blackbox test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:11 +02:00
Andreas Schneider
8fd03be276 testprogs: Add test with exported keytab from samba-tool
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:10 +02:00
Andreas Schneider
1521ec4083 testprogs: Add a kinit trust test for MIT KDC
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:10 +02:00
Andreas Schneider
3924426785 testprogs: Add test_kinit_mit.sh test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:10 +02:00
Andreas Schneider
8de3fd59e0 testprogs: Fix usage printout of bogus blackbox test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:10 +02:00
Andreas Schneider
bec3a18999 testprogs: Fix test_chgdcpass blackbox test with MIT
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:09 +02:00
Andreas Schneider
31491f8bb4 testprogs: Add common kinit function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:08 +02:00
Ralph Boehme
426e407c53 lib/util: add a test for samba_runcmd_send()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-20 16:53:16 +02:00
Stefan Metzmacher
2de1994e6f testprogs/blackbox: add test_trust_ntlm.sh
This verifies that various domain/realm and username
combinations map to the correct user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-04-10 01:11:20 +02:00
Stefan Metzmacher
66ee788a5a testprogs/blackbox: add test_rpcclient_*_grep helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-04-10 01:11:19 +02:00
Stefan Metzmacher
31f0b31308 testprogs/blackbox: use subunit_ helper functions in test_smbclient_*
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-04-10 01:11:19 +02:00
Andreas Schneider
acad0adc29 testprogs: Correctly expand shell parameters
The old behaviour is:

  for var in $*
  do
    echo "$var"
  done

And you get this:

$ sh test.sh 1 2 '3 4'
1
2
3
4

Changing it to:

  for var in "$@"
  do
    echo "$var"
  done

will correctly expand to:

$ sh test.sh 1 2 '3 4'
1
2
3 4

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 15 05:26:17 CET 2017 on sn-devel-144
2017-03-15 05:26:17 +01:00
Andreas Schneider
00e22fe3f6 testprogs: Test 'net ads join' with a dedicated keytab
This checks that a 'net ads join' can create the keytab and make sure we
will not regress in future.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-03-14 15:22:12 +01:00
Garming Sam
b4a7b3ff5c tests/dbcheck-links: remove spurious sleeping
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-13 05:10:12 +01:00
Garming Sam
6bbcd3bbd8 dbcheck: Improve dbcheck to find (and may fix) dangling msDS-RevealedUsers
We cannot add missing backlinks because of the duplicate checking. There
seems to be no trivial way to add the bypass.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-13 05:10:12 +01:00
Andreas Schneider
42bd003f46 testprogs: Add kinit_trusts tests with smbclient4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-03-10 11:37:21 +01:00
Andreas Schneider
9b3ff90dbc testprogs: Use smbclient by default in test_kinit_trusts
This is the tool we use by default and we should test with it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-03-10 11:37:21 +01:00
Garming Sam
6f2deb01fa tests/dbcheck: Add a test for two live objects, with a dangling forward link
Handling backlinks appears to be rather non-deterministic, so the
forward link hangs off of the RODC replication group (which has no other
valid forward links). In other situations, it either won't delete the
memberOf, or the expected output order will vary.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
2017-02-23 23:58:21 +01:00
Garming Sam
86f10eaecd tests/dbcheck: Add a test for two live objects, with a dangling backlink
Adds dbcheck 4.5.0pre1 to the knownfail, to be removed later.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
2017-02-23 23:58:21 +01:00
Garming Sam
44ee31675a dbcheck-links: Test that dbcheck against one-way links does not error
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12577
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 13 07:33:08 CET 2017 on sn-devel-144
2017-02-13 07:33:08 +01:00
Andrew Bartlett
35bfc62a31 dbcheck: Do not regard old one-way-links as errors
Samba does not maintain one way links when the target is deleted or renamed
so do not fail dbcheck because of such links, but allow them to be updated.

This matters because administrators and make test expect that normal Samba
operation do NOT cause the database to become corrupt, and any error from
dbcheck tends to trigger alarms (or test failures).

If an object pointed at by a one way link is renamed or deleted in normal
operations (such as intersiteTopologyGenerator pointing at a demoted DC),
or make test, then this could trigger.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12577
2017-02-13 03:39:23 +01:00
Andrew Bartlett
a9e0e7a9ef selftest: Do not test for link ordering in tombstones_expunge test
By testing only for the DNs that are returned we do not change the strictness of
the test, because it is a test of the match rule which applies to the whole
object, not the returned values.

However, when this code asserted the returned order of the links, it prevents
us from changing this order.  This order was not deterministic across DCs
but as this test ran against an offline DB, it was able to assume a
particular order.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-02-09 03:17:14 +01:00
Andreas Schneider
1aa765d344 testprogs: Use better KRB5CCNAME in test_password_settings.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-21 18:35:12 +01:00
Volker Lendecke
b5fe9c685f selftest: Fix timestamps on FreeBSD 11
FreeBSD's date does not print the %, and \? does not catch that

Tested this manually:

$ echo 'time: 2016-11-23 12:52:19.123456Z'| sed 's/\..*NZ$/.000000Z/'
time: 2016-11-23 12:52:19.123456Z
$ echo 'time: 2016-11-23 12:52:19.%6NZ'| sed 's/\..*NZ$/.000000Z/'
time: 2016-11-23 12:52:19.000000Z
$ echo 'time: 2016-11-23 12:52:19.6NZ'| sed 's/\..*NZ$/.000000Z/'
time: 2016-11-23 12:52:19.000000Z
$ echo 'time: 2016-11-23 12:52:19.NZ'| sed 's/\..*NZ$/.000000Z/'
time: 2016-11-23 12:52:19.000000Z
$

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 24 00:42:55 CET 2016 on sn-devel-144
2016-11-24 00:42:54 +01:00
Andrew Bartlett
44d209c893 selftest: Ensure we catch errors from samba-tool domain tombstones expunge
The previous code would overwrite $? before the return, so always returned 0

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
2016-11-22 02:10:16 +01:00
Andrew Bartlett
8315d4d03a selftest: Add test for link and deleted link behaviour in dbcheck
The other dbcheck tests were getting over-complex, so we start a new test
here based on tombestone-expunge.sh, as we are looking at very similar
problems

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
2016-11-22 02:10:16 +01:00
Garming Sam
dba624364c tombstones-expunge: Add a test for deleting links to recycled objects
Currently this fails because we rely on a GUID DN, which fails to
resolve in the case that the GUID no longer exists in the database (i.e.
when that object has been purged after 6 months).

The tests use a made up extended DN built from fred where the GUID has
been tweaked.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385
2016-11-02 21:58:24 +01:00
Noel Power
ebfe3c85d0 Add a blackbox tests for id & getent to test domain@realm type credentials
Using domain@realm credentials has been problematic when
global conf setting "winbind use default domain" is enabled, this patch
creates a new s4member_dflt_domain environment (where
"winbind use default domain" is enabled) and runs getent & id against the
normal s4member & and new s4member_dflt_domain environments

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-03 19:49:19 +02:00
Andreas Schneider
2dac252497 testprogs: Use own credential cache for test_client_etypes.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-09-25 09:05:27 +02:00
Andreas Schneider
7abda740f5 testprogs: Use better KRB5CCNAME in test_password_settings.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-09-25 09:05:27 +02:00
Andreas Schneider
5ae447e102 testprogs: Test only what the Heimdal kpasswd test should test
The test_password_settings.sh test does test using different password
settings and is not specific to the kpasswd implementation. This
test tests the kpasswd service.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-11 02:58:22 +02:00
Andreas Schneider
e5289191a9 testprogs: Make test_passwords.sh a Heimdal kpasswd test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-11 02:58:22 +02:00
Andreas Schneider
13fdeb0a98 testprogs: Add a new test_password_settings.sh script
This test is not Kerberos implementation specific.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-11 02:58:22 +02:00
Andreas Schneider
4899ece472 testprogs: Add a common test_smbclient_expect_failure() function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-11 02:58:22 +02:00
Garming Sam
0ab3263724 dbcheck: assert uSNChanged values in release-4-5-0-pre1
This shows that dbcheck doesn't change the replPropertyMetadata when
fixing the links on these objects.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Sep  8 14:39:19 CEST 2016 on sn-devel-144
2016-09-08 14:39:19 +02:00
Garming Sam
974a8da0d9 dbcheck: Make it clearer about temporary output
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-09-08 10:46:08 +02:00
Garming Sam
cf587f9aff tombstone-expunge: Assert than an expunge does not bump the USN
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-09-08 10:46:08 +02:00
Uri Simchoni
ec455796fe selftest: detect older tshark version
Detect older versions of tshark, which do not recognize
the -Y option, and skip the kerberos enc type tests

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep  5 16:31:58 CEST 2016 on sn-devel-144
2016-09-05 16:31:58 +02:00
Andrew Bartlett
737756b060 lib/ldb-samba: Add test for DSDB_MATCH_FOR_EXPUNGE match rule
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-09-01 05:49:15 +02:00
Andrew Bartlett
a999e8c0cb selftest: Add test for 'samba-tool tombstones expunge'
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-09-01 05:49:15 +02:00
Douglas Bagnall
dda1b74ea1 blackbox tests: add timestamps for subunit tests
There is the icky thing with sed because some kinds of `date` don't
have sub-second resolution, which we really want.

Another way to do it would be:

   python -c "import datetime; print datetime.datetime.utcnow().strftime('time: %Y-%m-%d %H:%M:%S.%fZ')"

which should be universal, but is a little slower.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-08-31 07:09:26 +02:00
Andrew Bartlett
db32a0e5ea dbcheck: Abandon dbcheck if we get an error during a transaction
Otherwise, anything that the transaction has already done to the DB will be left in the DB
even despite the failure.  For example, if a fix wrote to the DB, but then failed a post-write
check, then the fix will not be unrolled.

This is because we do not have nested transactions in TDB.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 29 12:46:21 CEST 2016 on sn-devel-144
2016-08-29 12:46:21 +02:00
Uri Simchoni
ce8c2adab7 selftest: skip client_etypes tests if tshark or sha1sum is not installed
That was the original plan - not to fail existing envs, but for subunit
not to fail, it is not sufficient to just return 0 from the script.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Aug 25 09:39:43 CEST 2016 on sn-devel-144
2016-08-25 09:39:43 +02:00
Uri Simchoni
3fcd937f05 selftest: tests for kerberos encryption types
This test uses tshark and cwrap's packet capturing capability
to observe the Kerberos handshakes and ensure the correct
encryption types are being used.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug  9 07:43:52 CEST 2016 on sn-devel-144
2016-08-09 07:43:52 +02:00
Stefan Metzmacher
82726acf14 testprogs/blackbox: add test_pkinit_pac_heimdal.sh
This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC
when using pkinit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
303906225a test_pkinit_heimdal.sh: add some more tests regarding the UF_SMARTCARD_REQUIRED behavior
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Garming Sam
56771ec6d0 dbcheck/release-4-1-0rc3: Add a check regarding replica locations
This DC has repsFrom for the DNS partitions, but not the corresponding
link. This ensures that dbcheck has fixed them up. This will currently
fail without the actual changes to dbcheck coming in the following
commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 06:37:08 +02:00
Garming Sam
289d0900ed dbcheck: Replica locations can now be leftover
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 06:37:08 +02:00
Garming Sam
9d1883ae8b renamedc: Make a more targeted dbcheck
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri Jul 15 13:40:40 CEST 2016 on sn-devel-144
2016-07-15 13:40:40 +02:00
Garming Sam
08d602b2ce dbcheck.sh: Remove all the plausible stale links
This ensures the subsequent dbcheck doesn't fail. The reason these stale
links occur is because they are effectively one-way links at this point
we have no efficient method of checking the opposite end of a one-way
link (without doing a full traversal).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:30 +02:00
Garming Sam
93be59ee0a dbcheck.sh: Fix the arguments supplied as $@
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:30 +02:00
Garming Sam
88591030ce tests/dbcheck: One way links are expected to be stale
Run a targeted dbcheck to fix only the one way links.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:30 +02:00
Douglas Bagnall
58acf513f9 dbcheck linked attribute tests: save environment with bad links
We save a database snapshot that contains linked attributes that
should have been deleted, and make sure dbcheck fixes those links
without ruining anything else.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:30 +02:00
Douglas Bagnall
f2b2eff681 blackbox/dbcheck-oldrelease: more accurate temp filename
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:29 +02:00
Douglas Bagnall
0b1405039c dbcheck: check for linked atributes that should not exist
In order to do this we need to use the reveal internals control, which
breaks the comparison against extended DNs. So we compare the
components instead.

Because this patch makes our code notice and fix stale one-way-links
(eg, after a rename) now, the renamedc test needs to be adjusted to
match.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-15 10:01:29 +02:00
Andreas Schneider
ef1a66dcdf testprogs: Do not use the deprecated samba-tool user add
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul  7 02:15:16 CEST 2016 on sn-devel-144
2016-07-07 02:15:16 +02:00
Richard Sharpe
1444196521 testprogs/blackbox: Improve the net ads dns register tests.
More tests are added that add an unprivileged user, enable their
account, and then test that they can add IP addressed but that they
cannot modify other user's IP addresses.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Sun Jul  3 14:24:59 CEST 2016 on sn-devel-144
2016-07-03 14:24:58 +02:00
Uri Simchoni
2352e49f32 selftest: Add test for domain join + kerberos-only auth
Add "net ads join/leave -k" tests to the net_ads test suite.

Shift the test suite from ad_member env to ad_dc env, because:
1. Seems more appropriate (the member server plays no role in this
   test)
2. The -k test breaks against the ntvfs file server for some reason,
   when trying to open the netlogon named pipe after having established
   the session with Kerberos (the create fails).

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  1 15:36:37 CEST 2016 on sn-devel-144
2016-07-01 15:36:37 +02:00
Stefan Metzmacher
8a74d8e266 test_pkinit_heimdal.sh: add a FILE: prefix to the KRB5CCNAME variable
This makes the tests more robust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Stefan Metzmacher
5e4928c366 test_pkinit_heimdal.sh: add a helper VARIABLE to store the certificate paths
We also don't need the separation of admincert.pem and admincertupn.pem
anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:24 +02:00
Richard Sharpe
ed4af82a4f s4/selftests: test net ads dns register/unregister.
Add a new test for the net ads dns commands and the needed self test
setup. Currently tests that we can register a name and that it
turns up. Also, tests that we can register with -P.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-28 22:35:35 +02:00
Andrew Bartlett
0b525fe862 selftest: Do not scan the full DB to confirm a specific DN in dbcheck
This avoids a full DB scan and therefore reduces the test time taken
when we just modified the cn=administrator record.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-07 10:28:10 +02:00
Andrew Bartlett
db15993401 dbcheck: Find and fix a missing Deleted Objects container
Older Samba versions could delete this.  This patch tries very hard
to put back the original object, with the original GUID, so that
if another replica has the correct container, that we just merge
rather than conflict.

The existing "wrong dn" check can then put any deleted objects
under this container correctly.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Richard Sharpe
415872990e selfttest: add common_test_fns.inc
Create an include file of common functions used by several of the
blackbox tests in testprogs and then make all the users of
test_smbclient include that file so we can eliminate duplicate code. We
pass the UNC to the test_smbclient function.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 28 16:50:35 CEST 2016 on sn-devel-144
2016-04-28 16:50:35 +02:00
Ralph Boehme
fcf2cbb095 selftest/samba4.blackbox.export.keytab: check AS-REQ with SPN
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Ralph Boehme
957741ce65 selftest/samba4.blackbox.export.keytab: check exported keytabs
Now that we have a usable ktutil, actually verify that the exported
keytabs contains the keys we expect.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Ralph Boehme
5927e46000 selftest/samba4.blackbox.export.keytab: use spn based on fqdn
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Stefan Metzmacher
2b40fb8509 CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
We want to test against all "ldap server require strong auth" combinations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:25 +02:00
Uri Simchoni
b96511f81b selftest: add some test cases to net ads join
Perform a testjoin between steps to verify join status
Perform most testjoins with machine account because that's
the more common case.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 10 14:41:13 CET 2016 on sn-devel-144
2016-03-10 14:41:13 +01:00
Uri Simchoni
b27cf10c0c selftest: run net ads join test in a private client env
net ads join command changes machine password, thus affecting
the test environment beyond the thing we want to test.

This cange runs the test in a private client env, with its
own hostname, newly-generated machine SID, and a separate
secrets.tdb, thus not affecting the running AD member server,

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-03-10 11:27:29 +01:00
Andreas Schneider
f7116f0ad0 s4-selftest: Make export keytab test heimdal specific
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-03-10 06:52:26 +01:00
Andrew Bartlett
ca9bbc8cc5 selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
The unimportant lines starting with # sorted differently between these
two platforms.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:15 +01:00
Andrew Bartlett
c79c1e405d dbcheck: Check for and remove duplicate values in attributes
This can happen with three DCs and custom schema, but we test
it by just forcing the values directly into the backing tdb.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:30 +01:00
Andrew Bartlett
5fb98a3534 dbcheck: Fix incorrect/duplicate attrid in replPropertMetaData
If custom schema is used in a replicated DC environment, these are created as soon as
an attribute is modified on more than one DC.  We have to remove these.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:28 +01:00
Christof Schmitt
4164111f55 testprogs/blackbox/subunit: Fix testok
The fail count is always in the second parameter. Omit the shift
operations, so that the value can be read correctly from $2.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 20 03:58:01 CET 2016 on sn-devel-144
2016-02-20 03:58:01 +01:00
Andreas Schneider
30419f2966 tests: Rename heimdal blackbox tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-01-22 11:07:31 +01:00
Uri Simchoni
3e1b26bd6d selftest: more dfree command and smbclient disk usage tests
Add tests that cover disk usage printing by smbclient, as well
as passing directory info to the "dfree command" script.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11662

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan  6 03:58:59 CET 2016 on sn-devel-144
2016-01-06 03:58:59 +01:00
Garming Sam
576b92abc3 pdb: add a blackbox test for setting password with hash
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-11-30 03:49:25 +01:00
Andreas Schneider
c474173a83 tests: Add tests for net ads (join|leave)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Nov  4 15:35:57 CET 2015 on sn-devel-104
2015-11-04 15:35:56 +01:00
Andrew Bartlett
0d962e010e selftest: Confirm a demote of a real network works
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 26 08:17:47 CET 2015 on sn-devel-104
2015-10-26 08:17:47 +01:00
Andrew Bartlett
dcc657a221 selftest: Add assertion that we actually fix the replPropertyMetaData sort order
This ensures that the dbcheck rule fixes the sort order (and only fixes the sort order).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 25 02:45:58 CEST 2015 on sn-devel-104
2015-08-25 02:45:58 +02:00
Andrew Bartlett
06f378fa65 lib/tls: Change default supported TLS versions.
The new default is to disable SSLv3, as this is no longer considered
secure after CVE-2014-3566.  Newer GnuTLS versions already disable SSLv3.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
2015-07-20 03:08:26 +02:00
Andreas Schneider
1f90bb6049 selftest: Add test for the dfree command
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 17 22:09:34 CEST 2015 on sn-devel-104
2015-07-17 22:09:33 +02:00
Stefan Metzmacher
80be365e62 testprogs/blackbox: add test_trust_utils.sh
This tests 'samba-tool domain trust *' commands.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Stefan Metzmacher
03fc85e39b testprogs/blackbox: let test_kinit_trusts.sh verify that setpassword (via LDAP) is rejected
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Stefan Metzmacher
b2ad31ac0d testprogs/blackbox: let test_kinit_trusts.sh test a enterprise upn from the other foreset
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Stefan Metzmacher
7ee4f23821 testprogs/blackbox: add test_kinit_trusts.sh
That verifies kinit and smbclient work across trusts.

It also tests a trust password change and a following
access.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Michael Adam
64738c3206 selftest: make blackbox.pkinit test independent of test environment.
This lets the test not clutter the main selftest prefix directory
with temporary data.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-16 23:04:46 +01:00
Michael Adam
32206b045b selftest: make blackbox.ktpass test independent of test environment.
This also prevents the test from cluttering the main
selftest prefix directory with temporary data.

Note: this test is currently skipped but it should
be adapted because of the environment renames anyways.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-16 23:04:46 +01:00
Michael Adam
7293767a8b selftest: make blackbox.passwords test independent of test environment.
This also prevents the test from cluttering the main
selftest directort with temporary data.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-16 23:04:46 +01:00
Michael Adam
0bcea51507 selftest:test_kinit: remove commented out line with outdated content.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-16 23:04:46 +01:00
Andrew Bartlett
6fe8cd2fdf selftest: Improve renamedcs test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-06 17:39:58 +01:00
Andrew Bartlett
fb250d1328 testprogs-test_chgdcpass.sh: Improve comments to explain why we check about changing the password twice
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
e189e9ed4b selftest: Improve renamedc tests to confirm more than just the exit code
This now confirms that the DC has been renamed

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-02-25 01:08:12 +01:00
Andrew Bartlett
c1280569a9 sefltest: Add test for enterprise UPN in a different domain
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-01-23 05:42:08 +01:00
Garming Sam
64f5984273 test: improve kinit kerberos tests
For enterprise and windows style kinit, a UPN is now configured.

There are now additional smbclient calls and added cache removals
to make the tests more robust.

Change-Id: I7c58ae4c9f303ca74a52878aa5dce2cc5f7d6742
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2014-12-18 00:25:06 +01:00
Stefan Metzmacher
7e81fe2825 testprogs/test_ldb: check rootdse search with extended-dn control
Verifies BUG: https://bugzilla.samba.org/show_bug.cgi?id=10949

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Dec 12 20:15:46 CET 2014 on sn-devel-104
2014-12-12 20:15:46 +01:00
Andreas Schneider
9cde3aec48 testprogs: Set functional domain level to 2003.
The default changed to 2008r2 recently.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-12-05 23:32:06 +01:00
Andrew Bartlett
b9701a0a79 provision: Change the default functional level of new Samba domains to 2008R2.
Windows 2003 is going out of support shortly, and we want users to have AES by default

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-30 12:32:05 +02:00
Günther Deschner
c4e15e0f6d testprogs: use texpect instead of rkpty.
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
a78a87ac53 testprogs: test kpasswd via "net ads password".
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
fa39e025ff testprogs: use texpect in passwords test file instead of rkpty.
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
af7613fa25 testprogs: allow to run passwords test with MIT and Heimdal kinit.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Andreas Schneider
7982c373b0 testprogs: Use the system binaries for KRB5 if we don't build in-tree heimdal.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Andrew Bartlett
9bfbff6543 dbcheck: Add check and test for various invalid userParameters values
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Change-Id: I6f2f4169856ce78c62e3a7e74b48520cca9cb9ae
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-09 08:42:08 +02:00
Andrew Bartlett
c664859a12 selftest: Test auth_wbc, the auth4 winbind and winbind_wbclient modules using pdbtest
This ensures these authentication modules continue to operate correctly, and that the results are consistent.

Andrew Bartlett

Change-Id: I7f63cd93e55c6f73ceeafb14f1dc265291791803
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 16 12:50:44 CEST 2014 on sn-devel-104
2014-05-16 12:50:44 +02:00
Andrew Bartlett
66c099cc58 selftest: Run pdbtest under valgrind if specified
Change-Id: I21e169ba563551e13c46f07f86205625ad166c64
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2014-05-16 10:23:26 +02:00
Andrew Bartlett
7c2bf8d2bc selftest: Add tests for dbcheck detection and removal of partial objects
To avoid listing all the provision snapshots, we use a broader blacklist for waf dist
and a whitelist for dbcheck-oldrelease.sh

Andrew Bartlett

Change-Id: Iab0ff4be0b4287dc128a49302836a6f0f7b39678
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-03 07:57:13 +02:00
Andreas Schneider
363f76c305 testprogs: Fix tests calling smbpasswd.
smbpasswd has a check that it is root so make sure we start with
uid_wrapper being root!

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:05 +02:00
Andrew Bartlett
f596dc94e1 dbcheck: Ensure dbcheck can operate with --attrs set
This also includes a test to ensure we do not regress on this point.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-21 08:03:07 +01:00
Andreas Schneider
293aac0508 testprogs: Fix pkinit test with system ldb.
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 21 17:58:24 CET 2014 on sn-devel-104
2014-02-21 17:58:24 +01:00
Andreas Schneider
069015bee9 testprogs: Fix kinit test with system ldb.
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2014-02-21 15:59:28 +01:00
Andreas Schneider
e2b0d25b70 testprogs: Use system binary if we did not build ldbdel.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Feb 18 12:45:41 CET 2014 on sn-devel-104
2014-02-18 12:45:41 +01:00
Andrew Bartlett
a3f25f2511 selftst: add tests based on 4.1.0rc3 to check for zero invocationID in replPropertyMetaData
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 23 01:29:10 CEST 2013 on sn-devel-104
2013-09-23 01:29:10 +02:00
Andrew Bartlett
9c11ad25b2 selftest: Only run referenceprovision and ldapcmp for the 4.0.0 test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 14:39:50 -07:00
Andrew Bartlett
16b26eafa7 selftest: Add a basic test of samba_upgradedns
This does not check that the command runs correctly, but does at least check
that the command runs to completion without errors.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-04 07:08:16 +02:00
Andrew Bartlett
1589e46d11 selftest: Add tests for samba-tool dbcheck --reset-well-known-acls
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:35:03 +01:00
Andrew Bartlett
b9b6375699 selftest: Remove output directories to save disk space
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:35:05 +01:00
Andrew Bartlett
787a6aacc3 samba_upgradeprovision: Remove auto-detection of pre-alpha9 databases
These are incredibly rare, and administrators running such databases
not only ask the Samba Team for help personally, they can read --help.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:33:04 +01:00
Andrew Bartlett
08f0562240 selftest: Run dbcheck and improved upgrdeprovision tests against release-4-0-0
The improved upgradeprovision tests now call ldapcmp to verify the
changes made do actually bring the database in line with a fresh
provision.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:32:25 +01:00
Andrew Bartlett
72f73ebaff selftest: Do an ldapcmp run against the upgraded domain
This checks (with a set of known issues marked in the --filter attribute) that the upgraded
domain matches a fresh provision.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:32:06 +01:00
Andrew Bartlett
0180a027cb subunit: Add a sh macro for skipping a test
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:18:07 +01:00
Andrew Bartlett
0f8ef5a2c8 selftest: Add test of upgradeprovision using the old alpha13 tree
This ensures that upgradeprovision works as expected on a known good old database.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jan 27 11:55:54 CET 2013 on sn-devel-104
2013-01-27 11:55:54 +01:00
Andrew Bartlett
99d872ee92 s4-dbcheck: Allow forcing an override of an old @MODULES record
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10 14:52:45 +01:00
Andrew Tridgell
dd60dcf343 test-chgdcpass: test the ldap case for server password change
use samba-tool drs options which does both RPC and LDAP connections

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Tridgell <tridge@samba.org>
Autobuild-Date(master): Thu Nov  1 07:21:17 CET 2012 on sn-devel-104
2012-11-01 07:21:17 +01:00
Andrew Tridgell
e48099516e test_chgdpass: use drs bind to test password change on RPC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01 15:40:40 +11:00
Andrew Tridgell
fce66b22ea test_chgdpass: added test for kerberos retry
this tests that we correctly retry with a new ccache entry when a
server changes its password while we have a valid ticket

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01 15:40:40 +11:00
Stefan Metzmacher
52ba3c8e6a testprogs/blackbox: make use of samba-tool domain provision
metze
2012-09-11 08:35:57 +02:00
Andrew Bartlett
3ad9c52b14 selftest: skip tests if the tarball did not include the alpha13 provision 2012-09-03 19:24:10 +10:00
Andrew Bartlett
2b404462f5 selftest: Pass --use-ntvfs to provison in renamedc test
Also fix test prefix to match the test

Andrew Bartlett
2012-08-22 01:31:57 +02:00
Andrew Bartlett
a29bf4acf5 selftest: run pdbtest against s3dc as well
This validates the password expiry, account disable in the s3 auth code
and the save/restore of values in tdbsam.

It also provides the first test of some net sam set subcommands.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 28 20:39:38 CEST 2012 on sn-devel-104
2012-06-28 20:39:38 +02:00
Andrew Bartlett
471a6b3992 s4-selftest: expand passdb testing
This tests pdb_samba4 in the first instance
2012-06-27 11:29:17 +02:00
Andrew Bartlett
207984464f s4-selftest: Test login with a password expired user
This uses rkpty to test changing an expired password.

Andrew Bartlett
2012-06-27 11:29:17 +02:00
Björn Jacke
94afad20b5 tests: make test_ldb portable, eliminate "local" keyword
this is BASH only, don't use it.
2012-06-27 00:19:19 +02:00
Andrew Bartlett
d1d36d2563 s4-selftest: Add tests for dbcheck on an old database that needs repair
We changed a lot since alpha13, so there are lots of legitimate errors to fix.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 16 05:44:15 CEST 2012 on sn-devel-104
2012-06-16 05:44:15 +02:00
Michael Adam
72fbbdb9b3 s4:selftest: change the blackbox.passwords test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
e7281b450a s4:selftest: change the blackbox.pkinit test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
d86ae30bb8 s4:selftest: change the blackbox.kinit test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
104135faa9 s4:selftest: change the blackbox.export.keytab test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
00f5473de8 s4:selftest: change the blackbox.chgdcpass test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
da82c07e13 s4:selftets: change the blackbox.bogusdomain test to use binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Andrew Bartlett
ca2b6259b7 s4-selftest: Demonstrate the correct behaviour between specified usernames and kerberos ccache
This shows that a username/password on the command line must always
override any credentials cache in the environment.

Andrew Bartlett
2012-05-24 16:21:26 +02:00
Alexander Bokovoy
dc3f74a953 auth/credentials: 'workgroup' set via command line will not drop existing ccache
The root cause for existing ccache being invalidated was use of global loadparm with
'workgroup' value set as if from command line. However, we don't really need to take
'workgroup' parameter value's nature into account when invalidating existing ccache.
When -U is used on the command line, one can specify a password to force ccache
invalidation.

The commit also reverts previous fix now that root cause is clear.
2012-05-24 16:21:26 +02:00
Andrew Bartlett
22cd4bcc9e s4-selftest: Always delete the user at the end of test_passwords.sh
If this test is run in the "dc" environment (rather than "dc:local") is would not delete the
test user.

Andrew Bartlett
2012-05-24 09:59:04 +02:00
Alexander Bokovoy
dcfb34fbb4 blackbox: fix samba4.blackbox.kinit test
This deserves some explanation.

With commit 518232d457 samba4.blackbox.kinit test set
was wrapped with password settings reset before and after the tests with an idea to
maintain reliable state for the tests. As result, the resetting of the password
settings was done after the test that tried to use smbclient with a Kerberos ticket
obtained with machine account credentials.

However, the code in credentials_krb5.c, function cli_credentials_get_client_gss_creds(),
never worked correctly when credentials were already in ccache. Instead, gensec_gssapi module
always re-kinited even if existing credentials were available in the ccache. This had an effect
on 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' test equal to
never having initialized ccache at all, as if 'rm -f $KRB5CCNAME' was run before the test.

When the issue of not using already initialized credentials from ccache was fixed with
d0aae88f1290e6a7a6d4bfc24aa62795e4892a31 'auth-credentials: Support using pre-fetched ccache
when obtaining kerberos credentials' commit, Samba 4 credentials library started to correctly
re-used already obtained credentials from ccaches. This caused failure of the test
'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' because machine account
has no permissions to modify password settings.

Thus, the correct fix is to reset ccache state before performing the test.

Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed May 23 18:46:12 CEST 2012 on sn-devel-104
2012-05-23 18:46:12 +02:00
Andrew Bartlett
95976d4ec2 selftest: Rework samba4.blackbox.bogusdomain to use a temporary user
This avoids leaving an account in the test environment after the test is run
and therefore avoids issues with interations with other tests.

Also, we now use the local administrator account in the member server to
add the test account.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Mar  2 14:44:36 CET 2012 on sn-devel-104
2012-03-02 14:44:36 +01:00
Andrew Bartlett
eecf2ac4c8 selftest: Remove unused support for --exeext 2012-02-01 02:45:07 +01:00
Matthieu Patou
7350d99409 s3: check that a user in a bogus domain name is mapped to the localnetbios name of a domain member
This means that if we authentify for BOGUS\administrator in AD domain
FOREST with samba being domain member with the netbiosname MEMBER then
BOGUS\administrator will be mapped to MEMBER\administrator if the
password match.
2012-01-30 08:23:11 -08:00
Andrew Bartlett
bbacd901cd selftest: Add test for smbpasswd against pdb_samba4
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 24 11:05:09 CET 2012 on sn-devel-104
2012-01-24 11:05:09 +01:00
Andrew Bartlett
2da506ee66 s4-selftest re-enable nsstest on libnss_winbind.so 2011-12-07 03:09:08 +01:00
Andrew Bartlett
2bff209128 s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab
This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.

Based on a request by Gémes Géza <geza@kzsdabas.hu>

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
2011-11-29 09:20:54 +01:00
Theresa Halloran
b26a4f6232 s4: samba-tool subcommand rename - change samba-tool user add to samba-tool user create
Signed-off-by: Theresa Halloran <thallora@linux.vnet.ibm.com>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2011-10-23 15:23:28 -07:00
Andrew Bartlett
f8c6219188 s4-selftest When testing for a credentials cache, do not specify a domain
If we specify a domain, then we indicate that we must use that domain
which overrides the credentials cache we found in the environment.

Andrew Bartlett
2011-10-18 13:13:30 +11:00
Amitay Isaacs
6c1cbfb232 tests-blackbox: Revert the test to use user-level change password command
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Amitay Isaacs
fca7062d2a test-blackbox: use python version of change password command
Replace the "samba-tool user setpassword" command with user level
"samba-tool user password" command.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Amitay Isaacs
db151ee3c0 test-blackbox: Rearrange arguments for samba-tool user setpassword command
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Amitay Isaacs
c876993901 test-blackbox: Remove 'domain\' from username for samba-tool user setpassword
Python version of samba-tool does not require 'domain\' prefix for username.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Amitay Isaacs
94976ee2ef test-blackbox: Rearrange the arguments in required order for samba-tool time
Python version of samba-tool requires the command and the subcommand to
be specified before the options.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:53 +10:00
Giampaolo Lauria
901959d9ca samba-tool: updated test suite to account for newuser change
Updated test suite invocations of newuser to "user add" as
the newuser functionality is now being moved to "user add"

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:51 +10:00
Giampaolo Lauria
2e082853fb samba-tool: update test suite to reflect the move from password to "user setpassword"
This is part of the work to reflect the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:51 +10:00
Andrew Tridgell
88df1da2b2 s4-test: don't fix broken objects during dbcheck test
this leaves the database as-is, which makes it easier to examine the
problem
2011-07-21 11:44:33 +10:00
Andrew Tridgell
bba7dc5092 dbcheck: test the --reindex option
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:32 +10:00
Andrew Tridgell
190ec87964 s4-test: added dbcheck run to test suite
This should catch corruption that happens during a test run

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:32 +10:00
Andrew Tridgell
7d399376b8 samba-tool: use 'exportkeytab' instead of 'dumpkeys'
a 'keytab' is a particular format known to administrators, whereas
'keys' is a bit too vague

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:31 +10:00
Giampaolo Lauria
9f32f86018 samba-tool: updated test suite for the new domain dumpkeys option
The test suite has been changed to reflect the move from export to "domain dumpkeys" to reflect the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:23 +10:00
Giampaolo Lauria
8c7718ac16 samba-tool: update test suite for the new domain object
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:23 +10:00
Giampaolo Lauria
c4a92292c1 samba-tool: update test suite for add setpassword
The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:22 +10:00
Andrew Tridgell
1ee67df307 s4-test: fixed usage message on renamedc.sh 2011-07-13 12:51:05 +02:00
Andrew Tridgell
9bd695c83f samba-tool: update tests for new 'user enable' syntax
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun  1 10:37:50 CEST 2011 on sn-devel-104
2011-06-01 10:37:50 +02:00
Matthieu Patou
49c99d0515 s4: add blackbox test for rename
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat May 21 09:50:34 CEST 2011 on sn-devel-104
2011-05-21 09:50:34 +02:00
Andrew Bartlett
4fd6ebf544 selftest: Remove duplication between BUILDIR and BINDIR
Just have BINDIR, and have it default to ./bin

Andrew Bartlett
2011-04-16 11:43:04 +02:00
Michael Adam
7c72ce9f48 testprogs/blackbox/subunit: add testok() for easier integration of s3 tests. 2011-02-16 12:56:40 +01:00
Andrew Tridgell
b49973404c blackbox: removed assumption of build directory
this fixes the blackbox tests for a top level build

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-07 13:22:00 +11:00
Stefan Metzmacher
769425662e testprogs:test_kinit: create tmp files under $PREFIX
metze
2010-12-24 17:31:06 +01:00
Jelmer Vernooij
d237698850 blackbox.ldb: Support using system ldbsearch.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Nov 27 04:32:11 CET 2010 on sn-devel-104
2010-11-27 04:32:11 +01:00
Andrew Bartlett
b8631597f5 s4-test_kinit Add tests for lowercase realm combinations
This tests that the handling of lowercase realms works in our KDC and
libraries.

Andrew Bartlett
2010-11-16 16:01:19 +11:00
Kai Blin
b73a05e4e1 s4 net: rename to samba-tool in order to not clash with s3 net
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-28 07:25:16 +00:00
Andrew Tridgell
006111646c s4-test: fixed a typo in test_kinit.sh
too many Ts

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 15 10:14:27 UTC 2010 on sn-devel-104
2010-10-15 10:14:27 +00:00
Andrew Tridgell
d59a342c71 s4-test: fixed test_kinit.sh time command test
passing -W breaks -k yes
2010-10-15 09:32:03 +00:00
Stefan Metzmacher
34692556be s4:blackblock/ktpass: use test specific user name
metze
2010-07-31 11:22:15 +02:00
Matthieu Patou
e461e29cd9 s4 unittests: add blackblox test for ktpass 2010-07-17 17:56:16 +04:00
Andrew Bartlett
0e212acd32 s4:testprogs Operate the blackbox kinit and net tests using the :local config
This :local tells selftest.pl to use the local smb.conf for the test
environment, not the generic client smb.conf

This then makes the rest work properly - otherwise, it may attempt to
connect to the wrong KDC for example.

The only problem is that we can't test the 'net join' with this set,
so this is removed from the test.  The member server test environment
checks this anyway.

Andrew Bartlett
2010-07-16 07:08:41 +10:00
Andrew Bartlett
8769e75a61 s4:testprogs Show that we no longer delete the old keytab entries
By using a CCACHE obtained while the old password was still valid, we
can tell if the server still accepts incoming Kerberos connections
with the old password.

Andrew Bartlett
2010-07-15 22:08:22 +10:00
Andrew Bartlett
5d61b477c6 s4:testprogs Prove kerberos still works after a password change
Changing the machine account password should not prevent connections
with a current, valid CCACHE.  This is because when the password is
changed, the server-side keytab keeps one old password around.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:22 +10:00
Matthieu Patou
0496af8341 s4: Unit test update_machine_account_password through kinit
This patch is for testing the chgdcpass script which is mostly a call to
update_machine_account_password.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:20 +10:00
Stefan Metzmacher
22dfb16d73 testprogs/blackbox/subunit.sh: initialize failed to 0
This is a short-term workarround for broken scripts,
which use "exit $failed", without initializing failed.

We need a discussion on the mailing list how to handle this
in a nicer way.

This should fix some random failures in the blackbox tests.

metze
2010-07-10 09:35:04 +02:00
Matthias Dieter Wallnöfer
518232d457 s4:kinit blackbox test - set/reset also here the "minPwdAge" 2010-07-03 16:08:24 +02:00
Matthias Dieter Wallnöfer
73c69a195a s4:blackbox/test_passwords.sh - perform also here the adaptions for "minPwdAge" != 0 2010-07-03 11:38:49 +02:00
Andrew Bartlett
48c8896f2e s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
This allows us to run the PKINIT tests only against the main DC (for
which the certificates were generated), while testing the available
encryption types in each functional level.

In particular, we need to assert that AES encryption is available in
the 2008 functional level.

Andrew Bartlett
2010-06-29 16:59:31 +10:00
Matthias Dieter Wallnöfer
088a25912e s4:blackbox/test_kinit.sh - Test the new "net user add <user> [<password>]" syntax 2010-05-09 19:14:47 +02:00
Andrew Tridgell
48330c828e s4-test: check that a weak password is rejected by kpasswd
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-16 14:12:44 +10:00
Stefan Metzmacher
16d4d0346d testprogs/blackbox/test_kinit: reorder arguments to "net time" to fix make test
metze
2010-04-13 10:09:18 +02:00
Andrew Bartlett
df7fbf28ee s4:testprogs Update test to match current Heimdal 2010-03-27 12:23:21 +11:00
Andrew Bartlett
6798543842 s4:testprogs Fix kinit test for updated Heimdal 2010-03-27 11:53:49 +11:00
Andrew Bartlett
0a65bb57a1 s4:selftest Add testing of kpasswd password set on servicePrincipalName 2010-03-25 16:32:04 +11:00
Andrew Bartlett
a9d9447d5a s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.

The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.

Andrew Bartlett
2010-02-20 17:58:07 +11:00