1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00
Stefan Metzmacher 162c1f85bf selftest: don't allow ntlmv1 for 'nt4_member' and 'ad_member'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 16:03:26 +02:00

289 lines
15 KiB
Plaintext

# This file contains a list of regular expressions matching the names of
# tests that are expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
^samba3.blackbox.failure.failure # this is designed to fail, for testing our test infrastructure
.*driver.add_driver_timestamps # we only can store dates, not timestamps
^samba3.smbtorture_s3.crypt_server\(nt4_dc\).SMB2-SESSION-REAUTH # expected to give ACCESS_DENIED SMB2.1 doesn't have encryption
^samba3.smbtorture_s3.crypt_server\(nt4_dc\).SMB2-SESSION-RECONNECT # expected to give CONNECTION_DISCONNECTED, we need to fix the test
^samba3.smb2.session enc.reconnect # expected to give CONNECTION_DISCONNECTED, we need to fix the test
^samba3.raw.session enc # expected to give ACCESS_DENIED as SMB1 encryption isn't used
^samba3.smbtorture_s3.crypt_server # expected to give ACCESS_DENIED as SMB1 encryption isn't used
^samba3.nbt.dgram.*netlogon2\(nt4_dc\)
^samba3.*rap.sam.*.useradd # Not provided by Samba 3
^samba3.*rap.sam.*.userdelete # Not provided by Samba 3
^samba3.libsmbclient.opendir # This requires a workgroup called 'WORKGROUP' and for netbios browse lists to have been registered
# see bug 8412
^samba3.smb2.rename.*.simple_nodelete
^samba3.smb2.rename.*.no_share_delete_no_delete_access
^samba3.blackbox.smbclient_machine_auth.plain \(nt4_dc:local\)# the NT4 DC does not currently set up a self-join
^samba3.raw.samba3hide.samba3hide\((nt4_dc|ad_dc)\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.samba3closeerr.samba3closeerr\(nt4_dc\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.acls nfs4acl_xattr-simple.INHERITFLAGS\(nt4_dc\) # This (and the follow nfs4acl_xattr tests fail because our NFSv4 backend isn't a complete mapping yet.
^samba3.raw.acls nfs4acl_xattr-simple.sd\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.create_file\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.create_dir\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.nulldacl\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.generic\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.inheritance\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.INHERITFLAGS\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.sd\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.create_file\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.create_dir\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.nulldacl\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.generic\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.inheritance\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_owner\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_group\(nt4_dc\)
^samba3.base.delete.deltest16a
^samba3.base.delete.deltest17a
^samba3.unix.whoami anonymous connection.whoami\(ad_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token
^samba3.unix.whoami anonymous connection.whoami\(ad_member\) # smbd maps anonymous logins to domain guest in the local domain, not SID_NT_ANONYMOUS
# these show that we still have some differences between our system
# with our internal iconv because it passes except when we bypass our
# internal iconv modules
^samba4.local.convert_string_handle.system.iconv.gd_ascii
^samba4.local.convert_string_handle.system.iconv.gd_iso8859_cp850
^samba4..*base.delete.*.deltest17\(
^samba4..*base.delete.*.deltest17b
^samba4..*base.delete.*.deltest17c
^samba4..*base.delete.*.deltest17e
^samba4..*base.delete.*.deltest17f
^samba4..*base.delete.*.deltest20a
^samba4..*base.delete.*.deltest20b
^samba4.raw.session.reauth
^samba4.raw.session.expire1
^samba4.raw.rename.*.osxrename
^samba4.raw.rename.*.directory rename
^samba4.rpc.winreg.*security
^samba4.local.registry.(dir|ldb).check hive security
^samba4.local.registry.local.security
^samba4.rpc.wkssvc
^samba4.rpc.handles.*.lsarpc-shared
^samba4.rpc.epmapper
^samba4.rpc.lsalookup on ncalrpc
^samba4.rpc.lsalookup on ncacn_np
^samba4.rpc.lsalookup with seal,padcheck
^samba4.rpc.lsalookup with validate
^samba4.rpc.lsalookup with bigendian
^samba4.rpc.lsa on ncacn_np with seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY
^samba4.rpc.lsa with seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY
^samba4.rpc.lsa.secrets.*seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY
^samba4.rpc.netlogon.*.LogonUasLogon
^samba4.rpc.netlogon.*.LogonUasLogoff
^samba4.rpc.netlogon.*.DatabaseSync
^samba4.rpc.netlogon.*.DatabaseSync2
^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomains
^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomainsEx
^samba4.rpc.netlogon.*.GetPassword
^samba4.rpc.netlogon.*.DatabaseRedo
^samba4.rpc.drsuapi.*ncacn_ip_tcp.*validate # should only work with seal
^samba4.rpc.drsuapi.*ncacn_ip_tcp.*bigendian # should only work with seal
^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.validate # should only work with seal
^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.bigendian # should only work with seal
^samba4.base.charset.*.Testing partial surrogate
^samba4.*.base.maximum_allowed # broken until we implement NTCREATEX_OPTIONS_BACKUP_INTENT
.*net.api.delshare.* # DelShare isn't implemented yet
^samba4.smb2.oplock.doc
^samba4.smb2.lock.valid-request
^samba4.ldap.python \(ad_dc_ntvfs\).Test add_ldif\(\) with BASE64 security descriptor input using WRONG domain SID\(.*\)$
^samba4.raw.lock.*.async # bug 6960
^samba4.raw.open.ntcreatex_supersede
^samba4.smb2.lock.*.multiple-unlock # bug 6959
^samba4.raw.sfileinfo.*.end-of-file\(.*\)$ # bug 6962
^samba4.raw.oplock.*.batch22 # bug 6963
^samba4.raw.oplock.*.doc1
^samba4.raw.oplock.*.exclusive5
^samba4.raw.oplock.*.exclusive9
^samba4.raw.oplock.*.level_ii_1
^samba4.raw.lock.*.zerobyteread # bug 6974
^samba4.smb2.lock.*.zerobyteread # bug 6974
^samba4.raw.streams.*.delete
^samba4.raw.streams.*.createdisp
^samba4.raw.streams.*.sumtab
^samba4.raw.streams.*.perms
^samba4.raw.acls.INHERITFLAGS
^samba4.raw.acls.*.create_dir
^samba4.raw.acls.*.create_file
^samba4.smb2.create.*.acldir
^samba4.smb2.create.*.impersonation
^samba4.smb2.acls.*.generic
^samba4.smb2.acls.*.inheritflags
^samba4.smb2.acls.*.owner
^samba4.smb2.acls.*.ACCESSBASED
^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
#^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.*
^samba4.libsmbclient.opendir.opendir # This requires netbios browsing
^samba4.rpc.drsuapi.*.drsuapi.DsGetDomainControllerInfo\(.*\)$
^samba4.smb2.oplock.exclusive2\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.exclusive5\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.exclusive6\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.exclusive9\(.*\)$
^samba4.smb2.oplock.brl3\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.levelii500\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.brl1\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch22\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch19\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch12\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch11\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch1\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch6\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch9\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch9a\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch10\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch20\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch26\(.*\)$
^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
^samba4.smb2.getinfo.complex # streams on directories does not work
^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy
^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change
^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
^samba4.raw.read.readx\(ad_dc_ntvfs\) # fails readx 16bit alignment requirement
^samba3.smb2.create.gentest
^samba3.smb2.create.blob
^samba3.smb2.create.open
^samba3.smb2.notify.valid-req
^samba3.smb2.notify.rec
^samba3.smb2.durable-open.delete_on_close2
^samba3.smb2.durable-v2-open.app-instance
^samba3.smb2.durable-open.reopen1a-lease\(ad_dc\)$
^samba3.smb2.durable-v2-open.reopen1a-lease\(ad_dc\)$
^samba4.smb2.ioctl.req_resume_key\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
^samba4.smb2.ioctl.copy_chunk_\w*\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
^samba3.smb2.dir.one
^samba3.smb2.dir.modify
^samba3.smb2.oplock.batch20
^samba3.smb2.oplock.stream1
^samba3.smb2.streams.rename
^samba3.smb2.streams.rename2
^samba3.smb2.streams.attributes
^samba3.smb2.getinfo.complex
^samba3.smb2.getinfo.fsinfo # quotas don't work yet
^samba3.smb2.setinfo.setinfo
^samba3.smb2.session.*reauth5 # some special anonymous checks?
^samba3.smb2.compound.interim2 # wrong return code (STATUS_CANCELLED)
^samba3.smb2.replay.channel-sequence
^samba3.smb2.replay.replay3
^samba3.smb2.replay.replay4
^samba3.smb2.lock.*replay
^samba3.raw.session.*reauth2 # maybe fix this?
^samba3.rpc.lsa.secrets.seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY
^samba3.rpc.samr.passwords.badpwdcount.samr.badPwdCount\(nt4_dc\) # We fail this test currently
^samba3.rpc.samr.passwords.lockout.*\(nt4_dc\)$ # We fail this test currently
^samba3.rpc.spoolss.printer.addprinter.driver_info_winreg # knownfail or flapping?
^samba3.rpc.spoolss.printer.addprinterex.driver_info_winreg # knownfail or flapping?
^samba3.rpc.spoolss.printer.*.publish_toggle\(.*\)$ # needs spoolss AD member env
^samba3.rpc.spoolss.printserver.*.add_processor\(.*\)$
^samba4.rpc.fsrvp # fsrvp server only provided by smbd
#
# The following tests fail against ad_dc (aka s3fs) currently.
# These need to be examined and either fixed or correctly categorised.
# but in the interests of ensuring we do not regress, we run the tests
# and list the current failures here.
#
^samba3.rpc.eventlog.eventlog.GetLogIntormation\(ad_dc\)
^samba3.rpc.eventlog.eventlog.FlushEventLog\(ad_dc\)
^samba3.rpc.eventlog.eventlog.ReportEventLog\(ad_dc\)
^samba3.rpc.eventlog.eventlog.ReadEventLog\(ad_dc\)
^samba3.rpc.eventlog.eventlog.GetNumRecords\(ad_dc\)
^samba3.rpc.eventlog.eventlog.OpenEventLog\(ad_dc\)
^samba3.rap.basic.netsessiongetinfo\(ad_dc\)
#
# This makes less sense when not running against an AD DC
#
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping
^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-uid
^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-gid
^samba.wbinfo_simple.\(s4member:local\).--allocate-uid
^samba.wbinfo_simple.\(s4member:local\).--allocate-gid
^samba.wbinfo_simple.\(ad_dc:local\).--allocate-uid
^samba.wbinfo_simple.\(ad_dc:local\).--allocate-gid
^samba.wbinfo_simple.\(chgdcpass:local\).--allocate-uid
^samba.wbinfo_simple.\(chgdcpass:local\).--allocate-gid
#
# These do not work against winbindd in member mode for unknown reasons
#
^samba4.winbind.struct.domain_info\(s4member:local\)
^samba4.winbind.struct.getdcname\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -r against s4member\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --user-sids against s4member\(s4member:local\)
^samba.wbinfo_simple.\(s4member:local\).--user-groups
^samba.nss.test using winbind\(s4member:local\)
#
# These fail since ad_dc_ntvfs assigns the local user's uid to SAMBADOMAIN/Administrator
# hence we have a duplicate UID in nsswitch.
#
^samba3.local.nss.reentrant enumeration crosschecks\(ad_dc_ntvfs:local\)
^samba3.local.nss.reentrant enumeration\(ad_dc_ntvfs:local\)
^samba3.local.nss.enumeration\(ad_dc_ntvfs:local\)
^samba3.local.nss.reentrant enumeration crosschecks\(ad_dc:local\)
^samba3.local.nss.reentrant enumeration\(ad_dc:local\)
^samba3.local.nss.enumeration\(ad_dc:local\)
#
# These do not work against winbindd in member mode for unknown reasons
#
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member\(ad_member:local\)
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping\(ad_member:local\)
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member\(ad_member:local\)
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping\(ad_member:local\)
^samba4.winbind.struct.getdcname\(ad_member:local\)
^samba4.winbind.struct.lookup_name_sid\(ad_member:local\)
^samba4.winbind.struct.getdcname\(nt4_member:local\) # Works in other modes, just not against the classic/NT4 DC
#
# Differences in our KDC compared to windows
#
^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally
#
# This will fail against the classic DC, because it requires kerberos
#
^samba4.winbind.pac.*\(nt4_member:local\) # No KDC on a classic DC
#
# This fails because our python bindings create python Lists, not a type
# we can watch for set methods on.
#
^samba.tests.dcerpc.integer.samba.tests.dcerpc.integer.IntegerTests.test_.*_into_uint8_list
#
# Samba sort takes a primative approach to unicode sort. These tests
# match Windows 2012R2 behaviour.
#
^samba4.ldap.sort.python.+UnicodeSortTests
#
## We assert all "ldap server require strong auth" combinations
#
^samba4.ldb.simple.ldap with SIMPLE-BIND.*ad_dc_ntvfs # ldap server require strong auth = allow_sasl_over_tls
^samba4.ldb.simple.ldap with SIMPLE-BIND.*fl2003dc # ldap server require strong auth = yes
^samba4.ldb.simple.ldaps with SASL-BIND.*fl2003dc # ldap server require strong auth = yes
# These are supposed to fail as we want to verify the "tls verify peer"
# restrictions. Note that fl2008r2dc uses a self-signed certificate
# with does not have a crl file.
#
^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name_if_available\(
^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name\(
^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=as_strict_as_possible\(
^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=ca_and_name\(
^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=as_strict_as_possible\(
^samba4.ldb.simple.ldaps.*SERVER.REALM.*tlsverifypeer=as_strict_as_possible.*fl2008r2dc
#
# we don't allow auth_level_connect anymore...
#
^samba3.blackbox.rpcclient.*ncacn_np.*with.*connect.*rpcclient # we don't allow auth_level_connect anymore
^samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain_not_matching_qtype
# ad_dc requires signing
#
^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\)
# fl2000dc doesn't support AES
^samba4.krb5.kdc.*as-req-aes.*fl2000dc
# nt4_member and ad_member don't support ntlmv1
^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.member.creds.*as.user