1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

1050 Commits

Author SHA1 Message Date
Andrew Bartlett
bd60c605ca selftest: Remove duplicate setup of "spn/upn namespaces" in the customdc testenv
The call to $self->setup_namespaces() was allways in error, as the design
is to have the in the state that it was backed up in, but before commit
08be28241b the error return was not
checked and so this was harmless.

The customdc environment is not tested in selftest currently, as
it is intended to be used for manual testing of domains from backup
files not as an automatically constructed environment.

This makes:
 BACKUP_FILE=samba-backup-2024-04-11T14-10-20.437096.tar.bz2 SELFTEST_TESTENV=customdc make testenv
work again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-04-16 03:58:31 +00:00
Stefan Metzmacher
796f33c05a s4:nbt_server: simulate nmbd and provide unexpected handling
This is needed in order to let nbt_getdc() work against
another AD DC and get back a modern response with
DNS based names. Instead of falling back to
the ugly name_status_find() that simulates just
an NETLOGON_SAM_LOGON_RESPONSE_NT40 response.

This way dsgetdcname() can work with just the netbios
domain name given and still return an active directory
response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-05 12:24:42 +00:00
Pavel Filipenský
2dab3a331b selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-02 12:25:31 +00:00
Stefan Metzmacher
b17e090e7c python/blackbox: add rpcd_witness_samba_only.py test
This tests the witness service and its interaction with
ctdb.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
3ede69552c selftest/Samba: export CTDB_PREFIX in clusteredmember testenv
It means ctdb/tests/local_daemons.sh will be easily useable

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
2f9dfaae44 selftest/Samba3: start samba_dcerpcd in clusteredmember
This enables the rpcd_witness to be available.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
15b17f1fff selftest/Samba3: remove unused variable in setup_clusteredmember
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
bc2a77373a selftest/Samba3: get NETBIOSNAME correct for clusteredmember
It was missed in commit
7598b9069d

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Ralph Boehme
000bbede59 selftest: test listing trusted domains that includes an NT4 domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-01-20 13:20:37 +00:00
Ralph Boehme
645a725603 selftest: create trust between fl2008r2dc and nt4_dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-01-20 13:20:37 +00:00
Ralph Boehme
9725aa932e selftest: rename a variable in setup_fl2008r2dc()
Prepares for adding another variable with a similar name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-01-20 13:20:37 +00:00
Ralph Boehme
5420af6942 selftest: do early exit in setup_fl2008r2dc() if provision_fl2008r2dc() fails
No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-01-20 13:20:37 +00:00
Ralph Boehme
d0cdc81aa9 selftest: fix domain name of nt4_dc_smb1 environment
It had the same workgroup as the nt4_dc environment:

$ grep workgroup st/nt4_dc/lib/server.conf st/nt4_dc_smb1/lib/server.conf
st/nt4_dc/lib/server.conf:      workgroup = SAMBA-TEST
st/nt4_dc_smb1/lib/server.conf: workgroup = SAMBA-TEST

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-01-20 13:20:37 +00:00
Björn Jacke
c09d1a3ac1 tests: add a test for "fake directory create times"
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 16 15:44:10 UTC 2024 on atb-devel-224
2024-01-16 15:44:10 +00:00
Björn Jacke
85f7d9d5b9 tests: add test for vfs_worm
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-01-16 14:37:31 +00:00
Björn Jacke
f02b0b984b tests: add a test for vfs_recycle
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-01-16 14:37:31 +00:00
Ralph Boehme
78119edba0 selftest: remove error_inject from shadow_write share
Frankly, I can't remember why I added this as part of bug 13688. The
goal of the corresponding test is to verify a write on a read-only
file handle fails. As the file is opened O_RDONLY, the write will fail
anyway and there's no need to inject the error.

To make things worse, having the error injected meant we didn't notice
when the underlying logic of forcing the open to be done with O_RDONLY
was done as O_RDWR, resulting in the write on the handle to succeed.

This happened when we introduced reopen_from_fsp(): the initial
pathref open of a path with a twrp value was correctly detected and
handled by shadow_copy2_openat(). However, when converting the pathref
open to a real one via reopen_from_fsp(), shadow_copy2_openat() only
sees the magic /proc/fd path and has no way of inferring that this was
originating from a prevous version open with a twrp value.

Tl;dr: we can just remove this error injection, it is not needed, the
correct fix is to implement this in the SMB layer which is done in the
subsequent commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-01-08 15:53:35 +00:00
Stefan Metzmacher
38b74d4ca9 selftest: export/use CTDB related envvars in order to run the ctdb command
This makes it easier to test things...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2023-12-15 11:06:34 +00:00
Andreas Schneider
c46769f3f1 s3:tests: Fix smbget test
Time to fix the smget share to not have `guest ok = yes` set. A new
[smbget_guest] will be used for guest only tests. This way we can
correctly test different authentication mechanisms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
56d0c3a026 selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables
We should start using those in future. So we can distinguish which
privileges we want. Currently DC_USERNAME is the Administrator. Whatever
possible should use DOMIAN_USER instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
a2af6946f5 selftest: Remove trailing tabs/white spaces in Samba4.pm
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
ad0c0dd071 selftest: Show that 'allow trusted domains = no' firewalls Unix User|Group
UNEXPECTED(failure): samba3.blackbox.smbclient_auth.plain.local_creds.smbclient //LOCALSHARE4/forceuser_unixonly as user(simpleserver)
REASON: Exception: Exception: tree connect failed: NT_STATUS_AUTHENTICATION_FIREWALL_FAILED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-12-01 07:07:31 +00:00
Ralph Boehme
631e6aa0d0 smbd: bring back "smb3 unix extensions" option
This basically reverts commit b3cae8dcf1
with a few important differences:

* SMB3 UNIX extensions are always built, but disabled by default at runtime.

* They are globally enabled in the fileserver test environment.

* It's now a per-share option, so admins can selectively disable them
  on a per-share basis. This allows clients to detect early that a share
  doesn't support user mount requested POSIX and fail appropiately, passing
  the failure to the requesting application (mount command).

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-11-27 18:31:35 +00:00
Noel Power
d9c230ff80 python/samba/tests: Add smbcacl tests for save/restore
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Ralph Boehme
7c8dea14da smbtorture: add test for fruit:validate_afpinfo option
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 24 22:30:06 UTC 2023 on atb-devel-224
2023-10-24 22:30:06 +00:00
Andrew Bartlett
3cf1beed5d CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:39 +00:00
Stefan Metzmacher
5b7f9840f7 selftest: add some basic testing for the io_uring vfs module
We're now able to build it on all linux systems and
the ci runners have at least a 5.4 kernel. That's
all the current vfs_io_uring requires.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Sep 17 18:04:18 UTC 2023 on atb-devel-224
2023-09-17 18:04:18 +00:00
Joseph Sutton
26fd734d56 selftest: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Andrew Bartlett
4ae3e9b208 selftest: Allow MIT Krb5 1.21 to still start to fl2000dc
This is the simplest way to keep this test environment alive.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-14 03:46:35 +00:00
Joseph Sutton
d4a643e61b selftest: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Noel Power
b57cdfd7ef selftest: Add new dfs share (with widelinks enabled)
Adds share (to be used in later test) that has dfs node
but additionally has widelinks set to yes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-28 23:50:32 +00:00
Ralph Boehme
a9a2b182df CVE-2023-3347: CI: add a test for server-side mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-07-21 12:05:35 +00:00
Joseph Sutton
90b240be08 tests/krb5: Add a test for PK-INIT with a revoked certificate
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 01:47:34 +00:00
Andreas Schneider
60b02126a3 selftest: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-07-05 06:34:32 +00:00
Joseph Sutton
60f76b9ec8 selftest: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Andrew Bartlett
f83baa2723 selftest: Specify that DCs prepared with prepare_dc_testenv() to be 2016 capable
This allows the backup/restore process to pass once the DC startup
code confirms what DC level the domain functional level in the DB
is expecting.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-06-14 22:57:34 +00:00
Pavel Filipenský
99d42ed865 selftest: set 'winbind expand groups = 10' for ad_member_idmap_rid
This is for alias members tests.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Joseph Sutton
480060ecd3 selftest: Report better error message if environment is unknown
Now we get the error “environment [...] is unknown” rather than “samba
can't start up known environment”.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-24 00:50:31 +00:00
SATOH Fumiyasu
ce31acf28d selftest: Report "unknown environment" if setup returns "UNKNOWN"
Samba*::setup_*() may return the string "UNKNOWN".

```
$ ./configure --with-ads ...
...
$ make
...
$ make test
...
Can't use string ("UNKNOWN") as a HASH ref while "strict refs" in use at /.../samba-4.18.2/selftest/target/Samba.pm line 131.
```

Signed-off-by: SATOH Fumiyasu <fumiyas@osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-19 00:29:33 +00:00
Andrew Bartlett
72335e742e selftest: Change ad_dc environment to be 2016 functional level
This is not yet supported in full, but this makes ad_dc match our full set of available features.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Andrew Bartlett
0252941bb3 selftest: Allow provision_ad_dc() to take functional_level as an argument
The $$$$$$$ is removed as it does not do what you think it does.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Andrew Bartlett
287405862b selftest: Return fl2008dc to being an alias for ad_dc_ntvfs
The change to make this independent in fc9845da69
was incorrect, as no distinct name was specified so this would conflict with
the ad_dc_ntvfs environment over the IP and name "localdc".

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Andrew Bartlett
cbfcbfb057 Use --base-schema=2008_R2 on ad_dc_ntvfs, which opeates at FL2008
This will allow fl008dc to become an alias of ad_dc_ntvfs again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Andreas Schneider
a2acbd3f3c s3:tests: Add test that veto files works for hidden files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-19 21:29:33 +00:00
Volker Lendecke
0327334c89 tests: Show that streams_depot and shadow_copy2 don't play together
See the next patch, we assert in shadow_copy2_openat() over paths
passed in from shadow_copy2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-17 17:14:37 +00:00
Stefan Metzmacher
53f0a292f8 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME
The value of NSS_WRAPPER_HOSTNAME needs to match value
we put into the NSS_WRAPPER_HOSTS file.

We had a mismatch of
idmapridmember.samba.example.com
vs.
idmapridmember.addom.samba.example.com

This causes getaddrinfo() in nss_wrapper to fallback to
the libc version, which talks to a dns server.
It's not clear if recent glibc code will reach resolve/socket wrapper.
So it's not unlikely that idmapridmember.samba.example.com will
be passed via the internet, which causes delays up to 20 seconds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15355

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 12 20:29:05 UTC 2023 on atb-devel-224
2023-04-12 20:29:05 +00:00
Joseph Sutton
91ed2f3d5d selftest: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
8e7c7680f3 s3:selftest: Enable winbindd for maptoguest environment
This is required for the samba3.blackbox.guest test to work. Without it,
the test fails to find a group map.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Andrew Bartlett
ca7b7bde39 selftest: Use "debug syslog format = always" in selftest
Some of the most difficult to debug issues in Samba development are around
timing, so this changes our default logging format in the selftest system
to include a high-resolution timestamp to help correlate bad events with
what else is going on at the same time.

This fits in well with the timestamps already logged into st/subunit
and may assist with correlation.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr  6 13:44:47 UTC 2023 on atb-devel-224
2023-04-06 13:44:47 +00:00
Andreas Schneider
acf259c7e0 s3:selftest: Move the smbget share to the provision function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00