1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
samba-mirror/selftest/knownfail
Andrew Bartlett 4f558c9ad6 repl_meta_data: Remove the correct forward link for dn+binary attributes
The previous code assumed that only plain DNs could be linked attributes.

We need to look over the list of attribute values and find the value
that causes this particular backlink to exist, so we can remove it.

We do not know (until we search) of the binary portion, so we must
search over all the attribute values at this layer, using the
parsed_dn_find() routine used elsewhere in this code.

Found attempting to demote an RODC in a clone of a Windows 2012R2
domain, due to the msDS-RevealedUsers attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11139
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 14 06:14:35 CET 2017 on sn-devel-144
2017-02-14 06:14:35 +01:00

315 lines
17 KiB
Plaintext

# This file contains a list of regular expressions matching the names of
# tests that are expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
^samba3.blackbox.failure.failure # this is designed to fail, for testing our test infrastructure
.*driver.add_driver_timestamps # we only can store dates, not timestamps
^samba3.smbtorture_s3.crypt_server\(nt4_dc\).SMB2-SESSION-REAUTH # expected to give ACCESS_DENIED SMB2.1 doesn't have encryption
^samba3.smbtorture_s3.crypt_server\(nt4_dc\).SMB2-SESSION-RECONNECT # expected to give CONNECTION_DISCONNECTED, we need to fix the test
^samba3.smb2.session enc.reconnect # expected to give CONNECTION_DISCONNECTED, we need to fix the test
^samba3.raw.session enc # expected to give ACCESS_DENIED as SMB1 encryption isn't used
^samba3.smbtorture_s3.crypt_server # expected to give ACCESS_DENIED as SMB1 encryption isn't used
^samba3.nbt.dgram.*netlogon2\(nt4_dc\)
^samba3.*rap.sam.*.useradd # Not provided by Samba 3
^samba3.*rap.sam.*.userdelete # Not provided by Samba 3
^samba3.libsmbclient.opendir # This requires a workgroup called 'WORKGROUP' and for netbios browse lists to have been registered
# see bug 8412
^samba3.smb2.rename.*.simple_nodelete
^samba3.smb2.rename.*.no_share_delete_no_delete_access
^samba3.blackbox.smbclient_machine_auth.plain \(nt4_dc:local\)# the NT4 DC does not currently set up a self-join
^samba3.raw.samba3hide.samba3hide\((nt4_dc|ad_dc)\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.samba3closeerr.samba3closeerr\(nt4_dc\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.acls nfs4acl_xattr-simple.INHERITFLAGS\(nt4_dc\) # This (and the follow nfs4acl_xattr tests fail because our NFSv4 backend isn't a complete mapping yet.
^samba3.raw.acls nfs4acl_xattr-simple.sd\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.create_file\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.create_dir\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.nulldacl\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.generic\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.inheritance\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.INHERITFLAGS\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.sd\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.create_file\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.create_dir\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.nulldacl\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.generic\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.inheritance\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_owner\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_group\(nt4_dc\)
^samba3.base.delete.deltest16a
^samba3.base.delete.deltest17a
^samba3.unix.whoami anonymous connection.whoami\(ad_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token
^samba3.unix.whoami anonymous connection.whoami\(ad_member\) # smbd maps anonymous logins to domain guest in the local domain, not SID_NT_ANONYMOUS
# these show that we still have some differences between our system
# with our internal iconv because it passes except when we bypass our
# internal iconv modules
^samba4.local.convert_string_handle.system.iconv.gd_ascii
^samba4.local.convert_string_handle.system.iconv.gd_iso8859_cp850
^samba4..*base.delete.*.deltest17\(
^samba4..*base.delete.*.deltest17b
^samba4..*base.delete.*.deltest17c
^samba4..*base.delete.*.deltest17e
^samba4..*base.delete.*.deltest17f
^samba4..*base.delete.*.deltest20a
^samba4..*base.delete.*.deltest20b
^samba4.raw.session.reauth
^samba4.raw.session.expire1
^samba4.raw.rename.*.osxrename
^samba4.raw.rename.*.directory rename
^samba4.rpc.winreg.*security
^samba4.local.registry.(dir|ldb).check hive security
^samba4.local.registry.local.security
^samba4.rpc.wkssvc
^samba4.rpc.handles.*.lsarpc-shared
^samba4.rpc.epmapper
^samba4.rpc.lsalookup on ncalrpc
^samba4.rpc.lsalookup on ncacn_np
^samba4.rpc.lsalookup with seal,padcheck
^samba4.rpc.lsalookup with validate
^samba4.rpc.lsalookup with bigendian
^samba4.rpc.lsa on ncacn_np with seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY
^samba4.rpc.lsa with seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY
^samba4.rpc.lsa.secrets.*seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY
^samba4.rpc.netlogon.*.LogonUasLogon
^samba4.rpc.netlogon.*.LogonUasLogoff
^samba4.rpc.netlogon.*.DatabaseSync
^samba4.rpc.netlogon.*.DatabaseSync2
^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomains
^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomainsEx
^samba4.rpc.netlogon.*.GetPassword
^samba4.rpc.netlogon.*.DatabaseRedo
^samba4.rpc.netlogon.*.netlogon.lsa_over_netlogon\(ad_dc\) #Broken by split of \\pipe\lsass from \\pipe\netlogon in the IDL
^samba4.rpc.netlogon.*.netlogon.SetupCredentialsDowngrade\(ad_dc_ntvfs\) # Broken by allowing NT4 crypto on this environment
^samba4.rpc.netlogon.*.netlogon.SetupCredentialsDowngrade\(ad_dc_ntvfs:local\) # Broken by allowing NT4 crypto on this environment
^samba4.rpc.drsuapi.*ncacn_ip_tcp.*validate # should only work with seal
^samba4.rpc.drsuapi.*ncacn_ip_tcp.*bigendian # should only work with seal
^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.validate # should only work with seal
^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.bigendian # should only work with seal
^samba4.base.charset.*.Testing partial surrogate
^samba4.*.base.maximum_allowed # broken until we implement NTCREATEX_OPTIONS_BACKUP_INTENT
.*net.api.delshare.* # DelShare isn't implemented yet
^samba4.smb2.oplock.doc
^samba4.smb2.lock.valid-request
^samba4.ldap.python \(ad_dc_ntvfs\).Test add_ldif\(\) with BASE64 security descriptor input using WRONG domain SID\(.*\)$
^samba4.raw.lock.*.async # bug 6960
^samba4.raw.open.ntcreatex_supersede
^samba4.smb2.lock.*.multiple-unlock # bug 6959
^samba4.raw.sfileinfo.*.end-of-file\(.*\)$ # bug 6962
^samba4.raw.oplock.*.batch22 # bug 6963
^samba4.raw.oplock.*.doc1
^samba4.raw.oplock.*.exclusive5
^samba4.raw.oplock.*.exclusive9
^samba4.raw.oplock.*.level_ii_1
^samba4.raw.lock.*.zerobyteread # bug 6974
^samba4.smb2.lock.*.zerobyteread # bug 6974
^samba4.raw.streams.*.delete
^samba4.raw.streams.*.createdisp
^samba4.raw.streams.*.sumtab
^samba4.raw.streams.*.perms
^samba4.raw.acls.INHERITFLAGS
^samba4.raw.acls.*.create_dir
^samba4.raw.acls.*.create_file
^samba4.smb2.create.*.acldir
^samba4.smb2.create.*.impersonation
^samba4.smb2.acls.*.generic
^samba4.smb2.acls.*.inheritflags
^samba4.smb2.acls.*.owner
^samba4.smb2.acls.*.ACCESSBASED
^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
#^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.*
^samba4.libsmbclient.opendir.opendir # This requires netbios browsing
^samba4.rpc.drsuapi.*.drsuapi.DsGetDomainControllerInfo\(.*\)$
^samba4.smb2.oplock.exclusive2\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.exclusive5\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.exclusive6\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.exclusive9\(.*\)$
^samba4.smb2.oplock.brl3\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.levelii500\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.brl1\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch22\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch19\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch12\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch11\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch1\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch6\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch9\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch9a\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch10\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch20\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch26\(.*\)$
^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
^samba4.smb2.getinfo.complex # streams on directories does not work
^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy
^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
^samba4.raw.read.readx\(ad_dc_ntvfs\) # fails readx 16bit alignment requirement
^samba3.smb2.create.gentest
^samba3.smb2.create.blob
^samba3.smb2.create.open
^samba3.smb2.notify.valid-req
^samba3.smb2.notify.rec
^samba3.smb2.durable-open.delete_on_close2
^samba3.smb2.durable-v2-open.app-instance
^samba3.smb2.durable-open.reopen1a-lease\(ad_dc\)$
^samba3.smb2.durable-v2-open.reopen1a-lease\(ad_dc\)$
^samba4.smb2.ioctl.req_resume_key\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
^samba4.smb2.ioctl.copy_chunk_\w*\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
^samba3.smb2.dir.one
^samba3.smb2.dir.modify
^samba3.smb2.oplock.batch20
^samba3.smb2.oplock.stream1
^samba3.smb2.streams.rename
^samba3.smb2.streams.rename2
^samba3.smb2.streams.attributes
^samba3.smb2.getinfo.complex
^samba3.smb2.getinfo.fsinfo # quotas don't work yet
^samba3.smb2.setinfo.setinfo
^samba3.smb2.session.*reauth5 # some special anonymous checks?
^samba3.smb2.compound.interim2 # wrong return code (STATUS_CANCELLED)
^samba3.smb2.replay.channel-sequence
^samba3.smb2.replay.replay3
^samba3.smb2.replay.replay4
^samba3.smb2.lock.*replay
^samba4.smb2.ioctl.compress_notsup.*\(ad_dc_ntvfs\)
^samba3.raw.session.*reauth2 # maybe fix this?
^samba3.rpc.lsa.secrets.seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY
^samba3.rpc.samr.passwords.badpwdcount.samr.badPwdCount\(nt4_dc\) # We fail this test currently
^samba3.rpc.samr.passwords.lockout.*\(nt4_dc\)$ # We fail this test currently
^samba3.rpc.spoolss.printer.addprinter.driver_info_winreg # knownfail or flapping?
^samba3.rpc.spoolss.printer.addprinterex.driver_info_winreg # knownfail or flapping?
^samba3.rpc.spoolss.printer.*.publish_toggle\(.*\)$ # needs spoolss AD member env
^samba3.rpc.spoolss.printer.*.log_jobinfo\(.*\)$ # not implemented yet
^samba3.rpc.spoolss.printserver.*.add_processor\(.*\)$
^samba3.rpc.spoolss.printserver.*.get_core_printer_drivers\(.*\)$
^samba3.rpc.spoolss.printserver.*.get_printer_driver_package_path\(.*\)$
^samba4.rpc.fsrvp # fsrvp server only provided by smbd
#
# The following tests fail against ad_dc (aka s3fs) currently.
# These need to be examined and either fixed or correctly categorised.
# but in the interests of ensuring we do not regress, we run the tests
# and list the current failures here.
#
^samba3.rpc.eventlog.eventlog.GetLogIntormation\(ad_dc\)
^samba3.rpc.eventlog.eventlog.FlushEventLog\(ad_dc\)
^samba3.rpc.eventlog.eventlog.ReportEventLog\(ad_dc\)
^samba3.rpc.eventlog.eventlog.ReadEventLog\(ad_dc\)
^samba3.rpc.eventlog.eventlog.GetNumRecords\(ad_dc\)
^samba3.rpc.eventlog.eventlog.OpenEventLog\(ad_dc\)
^samba3.rap.basic.netsessiongetinfo\(ad_dc\)
#
# This makes less sense when not running against an AD DC
#
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping
^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-uid
^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-gid
^samba.wbinfo_simple.\(s4member:local\).--allocate-uid
^samba.wbinfo_simple.\(s4member:local\).--allocate-gid
^samba.wbinfo_simple.\(ad_dc:local\).--allocate-uid
^samba.wbinfo_simple.\(ad_dc:local\).--allocate-gid
^samba.wbinfo_simple.\(chgdcpass:local\).--allocate-uid
^samba.wbinfo_simple.\(chgdcpass:local\).--allocate-gid
#
# These do not work against winbindd in member mode for unknown reasons
#
^samba4.winbind.struct.domain_info\(s4member:local\)
^samba4.winbind.struct.getdcname\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -r against s4member\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --user-sids against s4member\(s4member:local\)
^samba.wbinfo_simple.\(s4member:local\).--user-groups
^samba.nss.test using winbind\(s4member:local\)
#
# These fail since ad_dc_ntvfs assigns the local user's uid to SAMBADOMAIN/Administrator
# hence we have a duplicate UID in nsswitch.
#
^samba3.local.nss.reentrant enumeration crosschecks\(ad_dc_ntvfs:local\)
^samba3.local.nss.reentrant enumeration\(ad_dc_ntvfs:local\)
^samba3.local.nss.enumeration\(ad_dc_ntvfs:local\)
^samba3.local.nss.reentrant enumeration crosschecks\(ad_dc:local\)
^samba3.local.nss.reentrant enumeration\(ad_dc:local\)
^samba3.local.nss.enumeration\(ad_dc:local\)
#
# These do not work against winbindd in member mode for unknown reasons
#
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member\(ad_member:local\)
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping\(ad_member:local\)
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member\(ad_member:local\)
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping\(ad_member:local\)
^samba4.winbind.struct.getdcname\(ad_member:local\)
^samba4.winbind.struct.lookup_name_sid\(ad_member:local\)
^samba4.winbind.struct.getdcname\(nt4_member:local\) # Works in other modes, just not against the classic/NT4 DC
#
# Differences in our KDC compared to windows
#
^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally
#
# This will fail against the classic DC, because it requires kerberos
#
^samba4.winbind.pac.*\(nt4_member:local\) # No KDC on a classic DC
#
# This fails because our python bindings create python Lists, not a type
# we can watch for set methods on.
#
^samba.tests.dcerpc.integer.samba.tests.dcerpc.integer.IntegerTests.test_.*_into_uint8_list
#
# Samba sort takes a primative approach to unicode sort. These tests
# match Windows 2012R2 behaviour.
#
^samba4.ldap.sort.python.+UnicodeSortTests
#
## We assert all "ldap server require strong auth" combinations
#
^samba4.ldb.simple.ldap with SIMPLE-BIND.*ad_dc_ntvfs # ldap server require strong auth = allow_sasl_over_tls
^samba4.ldb.simple.ldap with SIMPLE-BIND.*fl2003dc # ldap server require strong auth = yes
^samba4.ldb.simple.ldaps with SASL-BIND.*fl2003dc # ldap server require strong auth = yes
# These are supposed to fail as we want to verify the "tls verify peer"
# restrictions. Note that fl2008r2dc uses a self-signed certificate
# with does not have a crl file.
#
^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name_if_available\(
^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name\(
^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=as_strict_as_possible\(
^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=ca_and_name\(
^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=as_strict_as_possible\(
^samba4.ldb.simple.ldaps.*SERVER.REALM.*tlsverifypeer=as_strict_as_possible.*fl2008r2dc
#
# we don't allow auth_level_connect anymore...
#
^samba3.blackbox.rpcclient.*ncacn_np.*with.*connect.*rpcclient # we don't allow auth_level_connect anymore
^samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain_not_matching_qtype
# ad_dc requires signing
#
^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\)
# fl2000dc doesn't support AES
^samba4.krb5.kdc.*as-req-aes.*fl2000dc
# nt4_member and ad_member don't support ntlmv1
^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.member.creds.*as.user
#nt-vfs server blocks read with execute access
^samba4.smb2.read.access
#ntvfs server blocks copychunk with execute access on read handle
^samba4.smb2.ioctl.copy_chunk_bad_access
^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.*
# We don't support NDR64 yet, so we generate the wrong FAULT code
^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_no_auth_presentation_ctx_invalid4
^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_auth_type2
^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_transfer
^samba4.rpc.echo.*on.*with.object.echo.doublepointer.*nt4_dc
^samba4.rpc.echo.*on.*with.object.echo.surrounding.*nt4_dc
^samba4.rpc.echo.*on.*with.object.echo.enum.*nt4_dc
^samba4.rpc.echo.*on.*with.object.echo.testcall.*nt4_dc
^samba4.rpc.echo.*on.*with.object.echo.testcall2.*nt4_dc
^samba4.rpc.echo.*on.*with.object.echo.sinkdata.*nt4_dc
^samba4.rpc.echo.*on.*with.object.echo.addone.*nt4_dc
^samba4.rpc.echo.*on.*ncacn_ip_tcp.*with.object.*nt4_dc
^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_add_duplicate_different_type.*
^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_rank_none.*
^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.*