from selftesthelpers import plantestsuite_loadlist
from selftesthelpers import skiptestsuite, source4dir, valgrindify
from selftesthelpers import smbtorture4_options, smbtorture4_testsuites
-from selftesthelpers import smbtorture4, ntlm_auth3, samba3srcdir
+from selftesthelpers import smbtorture4, samba3srcdir
print("OPTIONS %s" % " ".join(smbtorture4_options), file=sys.stderr)
-def plansmbtorture4testsuite(name, env, options, modname=None, environ={}):
+def plansmbtorture4testsuite(name, env, options, modname=None, environ=None):
+ if environ is None:
+ environ = {}
+
return selftesthelpers.plansmbtorture4testsuite(name,
env,
options,
samba4srcdir = source4dir()
DSDB_PYTEST_DIR = os.path.join(samba4srcdir, "dsdb/tests/python/")
+subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
+
+
+def planoldpythontestsuite(env, module, name=None, extra_path=None, environ=None, extra_args=None):
+ if extra_path is None:
+ extra_path = []
+ if environ is None:
+ environ = {}
+ if extra_args is None:
+ extra_args = []
+ environ = dict(environ)
+ py_path = list(extra_path)
+ if py_path:
+ environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
+ args = ["%s=%s" % item for item in environ.items()]
+ args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
+ args += extra_args
+ if name is None:
+ name = module
+ plantestsuite_loadlist(name, env, args)
+
samba4bindir = bindir()
validate = os.getenv("VALIDATE", "")
have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
have_gnutls_fips_mode_support = ("HAVE_GNUTLS_FIPS_MODE_SUPPORTED" in config_hash)
+have_cluster_support = "CLUSTER_SUPPORT" in config_hash
for options in ['-U"$USERNAME%$PASSWORD"']:
plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
'--use-kerberos=required --option=clientldapsaslwrapping=plain',
'--use-kerberos=required --client-protection=sign',
'--use-kerberos=required --client-protection=encrypt',
+ '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=yes"',
+ '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=no"',
+ '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
'--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
'--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
'--use-kerberos=disabled --client-protection=sign',
'--use-kerberos=disabled --client-protection=encrypt',
+ '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=yes"',
+ '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=no"',
+ '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
]
for auth_option in auth_options:
options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
- options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
- plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
- env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+
+ auth_options = [
+ '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=yes"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=no"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=no"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=yes"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=yes"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=no"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=no"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=yes"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ ]
+ for auth_option in auth_options:
+ options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check" ' + auth_option
+ plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
+ env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+ options += ' --option="clientldapsaslwrapping=starttls"'
+ plantestsuite("samba4.ldb.simple.ldap starttls with SASL-BIND %s(%s)" % (options, env),
+ env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
+
+
+envraw = "fl2008r2dc"
+env = "%s:local" % envraw
+plantestsuite("samba4.ldap_tls_reload(%s)" % (env), env,
+ "%s/test_ldap_tls_reload.sh $PREFIX_ABS $PREFIX_ABS/%s/private/tls $SERVER.$REALM" % (bbdir, envraw))
for options in ['-U"$USERNAME%$PASSWORD"']:
plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
for t in smbtorture4_testsuites("dsdb."):
plansmbtorture4testsuite(t, "ad_dc:local", "localhost")
-ldbdir = os.path.join(srcdir(), "lib/ldb")
-# Don't run LDB tests when using system ldb, as we won't have ldbtest installed
-if os.path.exists(os.path.join(samba4bindir, "ldbtest")):
- plantestsuite("ldb.base", "none", "%s/tests/test-tdb-subunit.sh %s" % (ldbdir, samba4bindir))
-else:
- skiptestsuite("ldb.base", "Using system LDB, ldbtest not available")
-
plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)",
"ad_dc_ntvfs:local",
[python, os.path.join(DSDB_PYTEST_DIR, "attr_from_server.py"),
# Tests for the DFS referral calls implementation
for t in smbtorture4_testsuites("dfs."):
- plansmbtorture4testsuite(t, "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
- plansmbtorture4testsuite(t, "ad_dc_smb1", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
+ plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
+ plansmbtorture4testsuite(t, "ad_dc_smb1", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
# Tests for the NET API (net.api.become.dc tested below against all the roles)
net_tests = list(filter(lambda x: "net.api.become.dc" not in x, smbtorture4_testsuites("net.")))
transport = "ncacn_np"
plansmbtorture4testsuite('rpc.pac', env, ["%s:$SERVER[]" % (transport, ), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.pac on %s" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME', 'rpc.lsa.secrets'], "samba4.rpc.lsa.secrets on %s with Kerberos" % (transport,))
- plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use target principal" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=dcom/$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dcom" % (transport,))
- plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME\$]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dollar" % (transport,))
+ plansmbtorture4testsuite('rpc.lsa.secrets', env, [r"%s:$SERVER[target_principal=$NETBIOSNAME\$]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dollar" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal" % (transport,))
plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login" % transport)
plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME', '--option=gensec_krb5:send_authenticator_checksum=false'], "samba4.rpc.lsa.secrets on %s with Kerberos - use raw-krb5-no-authenticator-checksum style login" % transport)
- plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:fake_gssapi_krb5=yes', '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login, use target principal" % transport)
# Winreg tests test bulk Kerberos encryption of DCE/RPC
# We test rpc.winreg here too, because the winreg interface if
"smb2.async_dosmode",
"smb2.twrp",
"smb2.ea",
+ "smb2.create_no_streams",
]
smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only]
[ "--option=torture:clientprotocol=%s" % proto],
"samba4.%s.baduser.%s" % (t, proto))
-plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
+plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
for t in smbtorture4_testsuites("rap."):
- plansmbtorture4testsuite(t, "ad_dc_ntvfs", '//$SERVER/IPC\$ -U$USERNAME%$PASSWORD')
+ plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/IPC\$ -U$USERNAME%$PASSWORD')
# Tests against the NTVFS CIFS backend
for t in base + raw:
"samba.tests.sddl"
])
+plantestsuite_loadlist("samba.tests.sddl_conditional_ace",
+ "none",
+ [python,
+ '-msamba.subunit.run',
+ '$LOADLIST',
+ "$LISTOPT"
+ "samba.tests.sddl_conditional_ace"
+ ])
+
for t in smbtorture4_testsuites("dns_internal."):
plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever')
+# These tests want to run on a barely changed fresh provision, before
+# too much happens to this environment, it is read only and local
+# (direct to the DB) so we use proclimitdc as it is otherwise empty
+# bar a test for process limits.
+planpythontestsuite("proclimitdc:local", "samba.tests.dsdb_quiet_provision_tests")
+
+# We want this local test to run in an environment where not much is happening that could use root keys
+planpythontestsuite("chgdcpass:local", "samba.tests.dsdb_quiet_env_tests")
+
# Local tests
for t in smbtorture4_testsuites("dlz_bind9."):
# The dlz_bind9 tests needs to look at the DNS database
plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD'])
-planpythontestsuite("nt4_dc_smb1", "samba.tests.libsmb")
+planpythontestsuite("fileserver_smb1", "samba.tests.libsmb-basic")
planpythontestsuite("ad_member", "samba.tests.smb-notify",
environ={'USERNAME':'$DC_USERNAME',
plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
+plantestsuite("samba4.blackbox.test_alias_membership", "ad_member_idmap_rid:local", [os.path.join(bbdir, "test_alias_membership.sh"), '$PREFIX_ABS'])
+
plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS'])
+planpythontestsuite("ad_dc_default", "samba.tests.blackbox.claims")
+
+planpythontestsuite("ad_dc_default", "samba.tests.blackbox.gmsa")
+
if have_heimdal_support:
- plantestsuite("samba4.blackbox.kinit", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient4, configuration])
- plantestsuite("samba4.blackbox.kinit", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "arcfour-hmac-md5", smbclient3, configuration])
- plantestsuite("samba4.blackbox.kinit", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient3, configuration])
- plantestsuite("samba4.blackbox.kinit_trust", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest", "aes256-cts-hmac-sha1-96"])
- plantestsuite("samba4.blackbox.kinit_trust", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external", "arcfour-hmac-md5"])
- plantestsuite("samba4.blackbox.kinit_trust", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external", "arcfour-hmac-md5"])
- plantestsuite("samba4.blackbox.export.keytab", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_heimdal.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
- plantestsuite("samba4.blackbox.kpasswd", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
- plantestsuite("samba4.blackbox.krb5.s4u", "fl2008r2dc:local", [os.path.join(bbdir, "test_s4u_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', configuration])
+ plantestsuite("samba4.blackbox.kpasswd",
+ "ad_dc:local",
+ [
+ os.path.join(bbdir, "test_kpasswd_heimdal.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ "$PREFIX",
+ configuration
+ ])
+ plantestsuite("samba4.blackbox.krb5.s4u",
+ "fl2008r2dc:local",
+ [
+ os.path.join(bbdir, "test_s4u_heimdal.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ '$TRUST_SERVER',
+ '$TRUST_USERNAME',
+ '$TRUST_PASSWORD',
+ '$TRUST_REALM',
+ '$TRUST_DOMAIN',
+ '$PREFIX',
+ configuration
+ ])
else:
- plantestsuite("samba4.blackbox.kinit", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
- plantestsuite("samba4.blackbox.kinit", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient3, configuration])
- plantestsuite("samba4.blackbox.kinit", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient3, configuration])
- plantestsuite("samba4.blackbox.kinit_trust", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
- plantestsuite("samba4.blackbox.kinit_trust", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
- plantestsuite("samba4.blackbox.kinit_trust", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
- plantestsuite("samba4.blackbox.export.keytab", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_mit.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
- plantestsuite("samba4.blackbox.kpasswd", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
+ plantestsuite("samba4.blackbox.kpasswd",
+ "ad_dc:local",
+ [
+ os.path.join(bbdir, "test_kpasswd_mit.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ "$PREFIX",
+ configuration
+ ])
+
+plantestsuite("samba4.blackbox.kinit_simple",
+ "ad_dc:local",
+ [
+ os.path.join(bbdir, "test_kinit.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ '$PREFIX',
+ smbclient3,
+ configuration
+ ])
+plantestsuite("samba4.blackbox.kinit_simple",
+ "fl2000dc:local",
+ [
+ os.path.join(bbdir, "test_kinit.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ '$PREFIX',
+ smbclient3,
+ configuration
+ ])
+plantestsuite("samba4.blackbox.kinit_simple",
+ "fl2008r2dc:local",
+ [
+ os.path.join(bbdir, "test_kinit.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ '$PREFIX',
+ smbclient3,
+ configuration
+ ])
+
+
+plantestsuite("samba4.blackbox.kinit_trust",
+ "fl2008r2dc:local",
+ [
+ os.path.join(bbdir, "test_kinit_trusts.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ '$TRUST_SERVER',
+ '$TRUST_USERNAME',
+ '$TRUST_PASSWORD',
+ '$TRUST_REALM',
+ '$TRUST_DOMAIN',
+ '$PREFIX',
+ "forest",
+ configuration
+ ])
+plantestsuite("samba4.blackbox.kinit_trust",
+ "fl2003dc:local",
+ [
+ os.path.join(bbdir, "test_kinit_trusts.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ '$TRUST_SERVER',
+ '$TRUST_USERNAME',
+ '$TRUST_PASSWORD',
+ '$TRUST_REALM',
+ '$TRUST_DOMAIN',
+ '$PREFIX',
+ "external",
+ configuration
+ ])
+plantestsuite("samba4.blackbox.kinit_trust",
+ "fl2000dc:local",
+ [
+ os.path.join(bbdir, "test_kinit_trusts.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ '$TRUST_SERVER',
+ '$TRUST_USERNAME',
+ '$TRUST_PASSWORD',
+ '$TRUST_REALM',
+ '$TRUST_DOMAIN',
+ '$PREFIX',
+ "external",
+ configuration
+ ])
+
+plantestsuite("samba4.blackbox.kinit.export.keytab",
+ "ad_dc:local",
+ [
+ os.path.join(bbdir, "test_kinit_export_keytab.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$REALM',
+ '$DOMAIN',
+ "$PREFIX",
+ smbclient3,
+ configuration
+ ])
plantestsuite("samba4.blackbox.pkinit_simple",
"ad_dc:local",
plantestsuite("samba4.blackbox.trust_token", "fl2003dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
plantestsuite("samba4.blackbox.trust_token", "fl2000dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs'])
-plantestsuite("samba4.blackbox.password_settings(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_password_settings.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
+plantestsuite("samba4.blackbox.password_settings",
+ "ad_dc:local",
+ [
+ os.path.join(bbdir, "test_password_settings.sh"),
+ '$SERVER',
+ '$USERNAME',
+ '$PASSWORD',
+ '$REALM',
+ '$DOMAIN',
+ "$PREFIX",
+ configuration
+ ])
plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN'])
plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4])
plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
plantestsuite("samba4.blackbox.masktest", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
-plantestsuite("samba4.blackbox.rfc2307_mapping(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
-plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3])
+plantestsuite("samba4.blackbox.rfc2307_mapping",
+ "ad_dc:local",
+ [
+ os.path.join(samba4srcdir,
+ "../nsswitch/tests/test_rfc2307_mapping.sh"),
+ '$DOMAIN',
+ '$USERNAME',
+ '$PASSWORD',
+ "$SERVER",
+ "$UID_RFC2307TEST",
+ "$GID_RFC2307TEST",
+ configuration
+ ])
+plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', r"CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3])
plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
plantestsuite("samba4.blackbox.net_offlinejoin", "ad_dc:client", [os.path.join(bbdir, "test_net_offline.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
-plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID'])
+plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID', configuration])
+
+env = "ad_member:local"
+plantestsuite("samba4.blackbox.net_ads_search_server_P.primary", env,
+ [os.path.join(bbdir, "test_net_ads_search_server.sh"),
+ '$DC_SERVER', '$REALM'])
+plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_e_both", env,
+ [os.path.join(bbdir, "test_net_ads_search_server.sh"),
+ '$TRUST_E_BOTH_SERVER', '$TRUST_E_BOTH_REALM'])
+plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_f_both", env,
+ [os.path.join(bbdir, "test_net_ads_search_server.sh"),
+ '$TRUST_F_BOTH_SERVER', '$TRUST_F_BOTH_REALM'])
if have_gnutls_fips_mode_support:
plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"])
planpythontestsuite(env + ":local", "samba.tests.ntlm_auth")
+plantestsuite(
+ "samba.wbinfo_u_large_ad.(ad_dc:local)",
+ "ad_dc:local",
+ [os.path.join(samba3srcdir, "script/tests/test_wbinfo_u_large_ad.sh")])
+
for env in ["ktest"]:
planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5")
else:
skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available")
-subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
-
-
-def planoldpythontestsuite(env, module, name=None, extra_path=[], environ={}, extra_args=[]):
- environ = dict(environ)
- py_path = list(extra_path)
- if py_path:
- environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
- args = ["%s=%s" % item for item in environ.items()]
- args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
- args += extra_args
- if name is None:
- name = module
- plantestsuite_loadlist(name, env, args)
if have_gnutls_fips_mode_support:
planoldpythontestsuite("ad_dc",
- "samba.tests.dcerpc.createtrustrelax",
+ "samba.tests.dcerpc.lsa_utils",
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
planoldpythontestsuite("ad_dc_fips",
- "samba.tests.dcerpc.createtrustrelax",
+ "samba.tests.dcerpc.lsa_utils",
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
for testenv in [mdb_testenv, tdb_testenv]:
planoldpythontestsuite(testenv, "samba.tests.complex_expressions", extra_args=['-U"$USERNAME%$PASSWORD"'])
-planoldpythontestsuite("ad_dc_default:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'])
+# samba.tests.gensec is only run in ad_dc to ensure it runs with and
+# MIT and Heimdal build, it can run against any environment that
+# supports FAST
+planoldpythontestsuite("ad_dc:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'])
+
planoldpythontestsuite("none", "simple", extra_path=["%s/lib/tdb/python/tests" % srcdir()], name="tdb.python")
planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.sam")
planpythontestsuite("ad_dc_default:local", "samba.tests.dsdb")
+planpythontestsuite("none", "samba.tests.samba_startup_fl_change")
planpythontestsuite("none", "samba.tests.dsdb_lock")
planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.bare")
planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.lsa")
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.timecmd")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.join")
+planpythontestsuite("ad_dc_default:local", "samba.tests.ldap_whoami")
planpythontestsuite("ad_member_s3_join", "samba.tests.samba_tool.join_member")
planpythontestsuite("ad_dc_default",
"samba.tests.samba_tool.join_lmdb_size")
for env in all_fl_envs:
planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo")
+# test getpassword for group managed service accounts
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_getpassword_gmsa")
+
# test samba-tool user, group, contact and computer edit command
for env in all_fl_envs:
env += ":local"
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes")
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_policy")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_silo")
for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]:
planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest")
for env, nt_hash in [("ad_dc:local", True),
("ad_dc_no_ntlm:local", False)]:
planpythontestsuite(env, "samba.tests.samba_tool.user",
environ={"EXPECT_NT_HASH": int(nt_hash)})
+ # test get-kerberos-ticket for locally accessible and group managed service accounts
+ planpythontestsuite(env, "samba.tests.samba_tool.user_get_kerberos_ticket")
planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_userPassword")
planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_gpg")
planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.contact")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.forest")
planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.schema")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_claim")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_policy")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_silo")
+
+# This test needs to be run in an environment well apart from most
+# other tests as it deletes root keys and we don't want this to happen
+# where a gMSA account might be live.
+planpythontestsuite("chgdcpass", "samba.tests.samba_tool.domain_kds_root_key")
+
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_models")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.service_account")
planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema")
planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl")
planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check")
planoldpythontestsuite("ad_dc", "samba.tests.sid_strings")
# Run the import test in environments that may not have the ad-dc built
-for env in ['fileserver_smb1', 'nt4_member', 'clusteredmember', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel']:
+envs = ['fileserver_smb1', 'nt4_member', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel']
+if have_cluster_support:
+ envs.append('clusteredmember')
+for env in envs:
planoldpythontestsuite(env, "samba.tests.imports")
have_fast_support = 1
-claims_support = 0
-compound_id_support = 0
-if ('SAMBA4_USES_HEIMDAL' in config_hash or
- 'HAVE_MIT_KRB5_1_20' in config_hash):
- tkt_sig_support = 1
-else:
- tkt_sig_support = 0
+claims_support = 1
-if 'HAVE_MIT_KRB5_1_20' in config_hash:
- kadmin_is_tgs = 1
-else:
- kadmin_is_tgs = 0
+# MIT
+kadmin_is_tgs = int('SAMBA4_USES_HEIMDAL' not in config_hash)
+# Heimdal
+compound_id_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash)
check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash)
+expect_nt_status = int('SAMBA4_USES_HEIMDAL' in config_hash)
+as_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
+tgs_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
+
+ca_dir = os.path.join('selftest', 'manage-ca', 'CA-samba.example.com')
+
+# This certificate is currently used just to get the name of the certificate
+# issuer.
+ca_cert_path = os.path.join(ca_dir,
+ 'DCs',
+ 'addc.addom.samba.example.com',
+ 'DC-addc.addom.samba.example.com-cert.pem')
+
+# The private key is used to issue new certificates.
+ca_private_key_path = os.path.join(ca_dir,
+ 'Private',
+ 'CA-samba.example.com-private-key.pem')
+ca_pass = '1234'
+
krb5_environ = {
'SERVICE_USERNAME': '$SERVER',
'ADMIN_USERNAME': '$DC_USERNAME',
'FAST_SUPPORT': have_fast_support,
'CLAIMS_SUPPORT': claims_support,
'COMPOUND_ID_SUPPORT': compound_id_support,
- 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname,
'CHECK_PADATA': check_padata,
'KADMIN_IS_TGS': kadmin_is_tgs,
+ 'EXPECT_NT_STATUS': expect_nt_status,
+ 'AS_REQ_LOGGING_SUPPORT': as_req_logging_support,
+ 'TGS_REQ_LOGGING_SUPPORT': tgs_req_logging_support,
+ 'CA_CERT': ca_cert_path,
+ 'CA_PRIVATE_KEY': ca_private_key_path,
+ 'CA_PASS': ca_pass,
}
planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
+planoldpythontestsuite("none", "samba.tests.krb5.claims_in_pac")
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
environ=krb5_environ)
-planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests",
- environ=krb5_environ)
+for env, fast_support in [("ad_dc_default:local", True),
+ ("fl2003dc:local", False)]:
+ planoldpythontestsuite(env, "samba.tests.krb5.s4u_tests",
+ environ={
+ **krb5_environ,
+ 'FAST_SUPPORT': int(have_fast_support and fast_support),
+ })
planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
environ=krb5_environ)
planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
extra_args=['-U"$USERNAME%$PASSWORD"'])
-planoldpythontestsuite("fl2008r2dc:local",
+planoldpythontestsuite("fl2008r2dc",
"samba.tests.getdcname",
extra_args=['-U"$USERNAME%$PASSWORD"'])
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc",
"samba.tests.segfault",
- extra_args=['-U"$USERNAME%$PASSWORD"'])
+ extra_args=['-U"$USERNAME%$PASSWORD"'],
+ environ={"TALLOC_FREE_FILL": "0xab"})
# Need to test the password hashing in multiple environments to ensure that
# all the possible options are covered
#
# Run smbcacls_propagate_inhertance tests on non msdfs root share
planoldpythontestsuite("fileserver",
"samba.tests.blackbox.smbcacls_propagate_inhertance")
+planoldpythontestsuite("fileserver",
+ "samba.tests.blackbox.smbcacls_save_restore")
+planoldpythontestsuite("ad_member",
+ "samba.tests.blackbox.smbcacls_save_restore",
+ environ={'USER': '$DC_USERNAME',
+ 'PASSWORD' : '$DC_PASSWORD'}
+ )
+
#
# A) Run the smbcacls_propagate_inhertance tests on a msdfs root share
# *without* any nested dfs links
plantestsuite("samba4.user_account_control.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.priv_attrs.python(ad_dc_default)", "ad_dc_default", ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
plantestsuite("samba4.priv_attrs.strict.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+plantestsuite("samba4.unicodepwd_encrypted(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "unicodepwd_encrypted.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
for env in ['ad_dc_default:local', 'schema_dc:local']:
planoldpythontestsuite(env, "dsdb_schema_info",
plantestsuite_loadlist("samba4.urgent_replication.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "urgent_replication.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.dirsync.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "dirsync.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules_remote.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite("samba4.ldap.index.python", "none", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/index.py")])
plantestsuite_loadlist("samba4.ldap.notification.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "notification.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.sites.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sites.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
planoldpythontestsuite("ad_dc_default", "sort", environ={'SERVER' : '$SERVER', 'DATA_DIR' : os.path.join(samba4srcdir, 'dsdb/tests/python/testdata/')}, name="samba4.ldap.sort.python", extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
-plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc)", "ad_dc:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.subtree_rename.python(ad_dc_ntvfs)",
"ad_dc_ntvfs:local",
# we also test joining backupfromdc here, as it's a bit special in that it
# doesn't have Default-First-Site-Name
for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc',
- 'labdc']:
+ 'labdc']:
# basic test that we can join the testenv DC
plantestsuite("samba4.blackbox.join_ldapcmp", env,
["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.replica_sync_rodc.python(rodc)",
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
- extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+ extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite("ad_dc_default_smb1", "password_settings",
extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
plantestsuite("samba4.ldap.possibleInferiors.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/samdb/ldb_modules/tests/possibleinferiors.py"), "ldap://$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN"])
plantestsuite_loadlist("samba4.ldap.secdesc.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "sec_descriptor.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.acl.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+ plantestsuite_loadlist("samba4.ldap.acl_modify.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl_modify.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
for env in all_fl_envs + ["schema_dc", "ad_dc_no_ntlm"]:
if env != "fl2000dc":
for env in ['rodc', 'offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
plansmbtorture4testsuite('rpc.echo', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
- plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
+ plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", r'-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied")
plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', binpath('smbclient')])
"$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
plantestsuite("samba.blackbox.rpcclient_samlogon_testallowed", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
- "testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
+ r"testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
plantestsuite("samba.blackbox.rpcclient_samlogon_testdenied", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
"testdenied", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
#
# That is why this test is run on the isolated environment and not on
# those connected with ad_dc (vampiredc/promoteddc)
+#
+# The chgdcpass environment is likewise isolated and emulates Samba 4.5
+# with regard to GET_ANC
env = 'schema_pair_dc'
planoldpythontestsuite("%s:local" % env, "samba_tool_drs",
name="samba4.drs.samba_tool_drs.python(%s)" % env,
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+for env in ['chgdcpass', 'schema_pair_dc']:
+ planoldpythontestsuite("%s:local" % env, "samba_tool_drs_critical",
+ extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+ name="samba4.drs.samba_tool_drs_critical.python(%s)" % env,
+ environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
+ extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+env = "schema_pair_dc"
planoldpythontestsuite(env, "getnc_schema",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.getnc_schema.python(%s)" % env,
"PLEASE_BREAK_MY_WINDOWS": "1"},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
-# This test can be sensitive to the DC joins and replications don in
-# "samba_tool_drs" so run this is run against scheam_pair_dc/schema_dc
+# This test can be sensitive to the DC joins and replications done in
+# "samba_tool_drs" so it is run against schema_pair_dc/schema_dc
# not the set of environments connected with ad_dc.
# This will show the replication state of ad_dc
-planoldpythontestsuite("promoted_dc:local", "samba_tool_drs_showrepl",
+env = "schema_pair_dc"
+planoldpythontestsuite("%s:local" % env, "samba_tool_drs_showrepl",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.samba_tool_drs_showrepl.python(%s)" % env,
environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
name="samba4.drs.repl_move.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
- planoldpythontestsuite(env, "getnc_exop",
- extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
- name="samba4.drs.getnc_exop.python(%s)" % env,
- environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
- extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
planoldpythontestsuite(env, "getnc_unpriv",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.getnc_unpriv.python(%s)" % env,
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.link_conflicts.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
- extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+ extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+# Environment chgdcpass has the Samba 4.5 GET_ANC behaviour, which we
+# set a knownfail to expect
+for env in ['vampire_dc', 'promoted_dc', 'chgdcpass']:
+ planoldpythontestsuite(env, "getnc_exop",
+ extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+ name="samba4.drs.getnc_exop.python(%s)" % env,
+ environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+ extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
for env in ['vampire_dc', 'promoted_dc', 'vampire_2000_dc']:
planoldpythontestsuite(env, "repl_schema",
extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
# A side-effect of the getncchanges tests is that they will create hundreds of
-# tombstone objects, so run them last to avoid interferring with (and slowing
+# tombstone objects, so run them last to avoid interfering with (and slowing
# down) the other DRS tests
for env in ['vampire_dc', 'promoted_dc']:
planoldpythontestsuite(env, "getncchanges",
extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
name="samba4.drs.getncchanges.python(%s)" % env,
environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
- extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+ extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
for env in ['ad_dc_ntvfs']:
planoldpythontestsuite(env, "repl_rodc",
'--option=torture:krb5-upn=testdenied_upn@$REALM.upn',
'--option=torture:expect_rodc=true'],
"samba4.krb5.kdc with account DENIED permission to replicate to an RODC")
-plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestallowed\ account%$PASSWORD',
+plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", r'-Utestallowed\ account%$PASSWORD',
'--workgroup=$DOMAIN', '--realm=$REALM',
'--option=torture:expect_machine_account=true',
- '--option=torture:krb5-upn=testallowed\ upn@$REALM',
+ r'--option=torture:krb5-upn=testallowed\ upn@$REALM',
'--option=torture:krb5-hostname=testallowed',
'--option=torture:expect_rodc=true',
'--option=torture:expect_cached_at_rodc=true'],
planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests",
environ=krb5_environ)
-planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests",
- environ=krb5_environ)
+for env, fast_support in [("ad_dc", True),
+ ("fl2003dc", False)]:
+ planpythontestsuite(env, "samba.tests.krb5.compatability_tests",
+ environ={
+ **krb5_environ,
+ 'FAST_SUPPORT': int(have_fast_support and fast_support),
+ })
planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
environ=krb5_environ)
planpythontestsuite(
'samba.tests.krb5.pac_align_tests',
environ=krb5_environ)
planoldpythontestsuite(
- 'ad_dc:local',
+ 'ad_dc',
'samba.tests.krb5.protected_users_tests',
environ=krb5_environ)
for env, nt_hash in [("ad_dc:local", True),
'ad_dc',
'samba.tests.krb5.kpasswd_tests',
environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc',
+ 'samba.tests.krb5.claims_tests',
+ environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc',
+ 'samba.tests.krb5.device_tests',
+ environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc:local',
+ 'samba.tests.krb5.lockout_tests',
+ environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc',
+ 'samba.tests.krb5.group_tests',
+ environ=krb5_environ)
+for env, forced_rc4 in [('ad_dc', False),
+ ('promoted_dc', True)]:
+ planoldpythontestsuite(
+ env,
+ 'samba.tests.krb5.etype_tests',
+ environ={
+ **krb5_environ,
+ 'DC_SERVER': '$SERVER',
+ 'DC_SERVER_IP': '$SERVER_IP',
+ 'DC_SERVER_IPV6': '$SERVER_IPV6',
+ 'FORCED_RC4': int(forced_rc4),
+ })
+planoldpythontestsuite(
+ 'ad_dc',
+ 'samba.tests.krb5.authn_policy_tests',
+ environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc',
+ 'samba.tests.krb5.pkinit_tests',
+ environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc',
+ 'samba.tests.krb5.conditional_ace_tests',
+ environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc',
+ 'samba.tests.krb5.gkdi_tests',
+ environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc:local',
+ 'samba.tests.krb5.gmsa_tests',
+ environ=krb5_environ)
for env in [
'vampire_dc',
[os.path.join(bindir(), "test_ndr_macros")])
plantestsuite("librpc.ndr.ndr_dns_nbt", "none",
[os.path.join(bindir(), "test_ndr_dns_nbt")])
+plantestsuite("librpc.ndr.test_ndr_gmsa", "none",
+ [os.path.join(bindir(), "test_ndr_gmsa")])
plantestsuite("libcli.ldap.ldap_message", "none",
[os.path.join(bindir(), "test_ldap_message")])
planoldpythontestsuite("none", "samba.tests.usage")
planpythontestsuite("fileserver", "samba.tests.dcerpc.mdssvc")
+planoldpythontestsuite("none", "samba.tests.compression")
+planpythontestsuite("none", "samba.tests.security_descriptors")
+
+if have_cluster_support:
+ cluster_environ = {
+ "SERVER_HOSTNAME": "$NETBIOSNAME",
+ "INTERFACE_GROUP_NAME": "$NETBIOSNAME",
+ "CLUSTER_SHARE": "registry_share",
+ "USERNAME": "$DC_USERNAME",
+ "PASSWORD": "$DC_PASSWORD",
+ }
+ planpythontestsuite("clusteredmember:local",
+ "samba.tests.blackbox.rpcd_witness_samba_only",
+ environ=cluster_environ)