2 # This script generates a list of testsuites that should be run as part of
3 # the Samba 4 test suite.
5 # The output of this script is parsed by selftest.pl, which then decides
6 # which of the tests to actually run. It will, for example, skip all tests
7 # listed in selftest/skip or only run a subset during "make quicktest".
9 # The idea is that this script outputs all of the tests of Samba 4, not
10 # just those that are known to pass, and list those that should be skipped
11 # or are known to fail in selftest/skip or selftest/knownfail. This makes it
12 # very easy to see what functionality is still missing in Samba 4 and makes
13 # it possible to run the testsuite against other servers, such as Samba 3 or
14 # Windows that have a different set of features.
16 # The syntax for a testsuite is "-- TEST --" on a single line, followed
17 # by the name of the test, the environment it needs and the command to run, all
18 # three separated by newlines. All other lines in the output are considered
23 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../selftest"))
24 import selftesthelpers
25 from selftesthelpers import bindir, srcdir, binpath, python
26 from selftesthelpers import configuration, plantestsuite
27 from selftesthelpers import planpythontestsuite, planperltestsuite
28 from selftesthelpers import plantestsuite_loadlist
29 from selftesthelpers import skiptestsuite, source4dir, valgrindify
30 from selftesthelpers import smbtorture4_options, smbtorture4_testsuites
31 from selftesthelpers import smbtorture4, ntlm_auth3, samba3srcdir
34 print("OPTIONS %s" % " ".join(smbtorture4_options), file=sys.stderr)
37 def plansmbtorture4testsuite(name, env, options, modname=None, environ=None):
41 return selftesthelpers.plansmbtorture4testsuite(name,
49 samba4srcdir = source4dir()
50 DSDB_PYTEST_DIR = os.path.join(samba4srcdir, "dsdb/tests/python/")
52 samba4bindir = bindir()
53 validate = os.getenv("VALIDATE", "")
55 validate_list = [validate]
59 nmblookup4 = binpath('nmblookup4')
60 smbclient4 = binpath('smbclient4')
61 smbclient3 = binpath('smbclient')
63 bbdir = os.path.join(srcdir(), "testprogs/blackbox")
65 # alias to highlight what tests we want to run against a DC with SMBv1 disabled
66 smbv1_disabled_testenv = "restoredc"
68 all_fl_envs = ["fl2000dc", "fl2003dc", "fl2008dc", "fl2008r2dc"]
70 # Simple tests for LDAP and CLDAP
71 for auth_type in ['', '-k no', '-k yes']:
72 for auth_level in ['--option=clientldapsaslwrapping=plain', '--client-protection=sign', '--client-protection=encrypt']:
73 creds = '-U"$USERNAME%$PASSWORD"'
74 options = creds + ' ' + auth_type + ' ' + auth_level
75 plantestsuite("samba4.ldb.ldap with options %r(ad_dc_default)" % options, "ad_dc_default", "%s/test_ldb.sh ldap $SERVER %s" % (bbdir, options))
77 # see if we support ADS on the Samba3 side
79 config_h = os.environ["CONFIG_H"]
81 config_h = os.path.join(samba4bindir, "default/include/config.h")
83 # check available features
85 f = open(config_h, 'r')
88 config_hash = dict((x[0], ' '.join(x[1:]))
89 for x in map(lambda line: line.strip().split(' ')[1:],
90 list(filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines))))
94 have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
95 have_gnutls_fips_mode_support = ("HAVE_GNUTLS_FIPS_MODE_SUPPORTED" in config_hash)
97 for options in ['-U"$USERNAME%$PASSWORD"']:
98 plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
99 "%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options))
102 '--simple-bind-dn=$USERNAME@$REALM --password=$PASSWORD',
105 'SERVER_IP': '$SERVER_IP',
106 'SERVER_NAME': '$SERVER',
107 'SERVER.REALM': '$SERVER.$REALM',
109 tls_verify_options = [
110 '--option="tlsverifypeer=no_check"',
111 '--option="tlsverifypeer=ca_only"',
112 '--option="tlsverifypeer=ca_and_name_if_available"',
113 '--option="tlsverifypeer=ca_and_name"',
114 '--option="tlsverifypeer=as_strict_as_possible"',
117 # we use :local for fl2008r2dc because of the self-signed certificate
118 for env in ["ad_dc_ntvfs", "fl2008r2dc:local"]:
119 for peer_key in peer_options.keys():
120 peer_val = peer_options[peer_key]
121 for creds in creds_options:
122 for tls_verify in tls_verify_options:
123 options = creds + ' ' + tls_verify
124 plantestsuite("samba4.ldb.simple.ldaps with options %s %s(%s)" % (
125 peer_key, options, env), env,
126 "%s/test_ldb_simple.sh ldaps %s %s" % (bbdir, peer_val, options))
128 # test all "ldap server require strong auth" combinations
129 for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
130 options = '--simple-bind-dn="$USERNAME@$REALM" --password="$PASSWORD"'
131 plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
132 env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
133 options += ' --option="tlsverifypeer=no_check"'
134 plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
135 env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
138 '--option=clientldapsaslwrapping=plain',
139 '--client-protection=sign',
140 '--client-protection=encrypt',
141 '--use-kerberos=required --option=clientldapsaslwrapping=plain',
142 '--use-kerberos=required --client-protection=sign',
143 '--use-kerberos=required --client-protection=encrypt',
144 '--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
145 '--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
146 '--use-kerberos=disabled --client-protection=sign',
147 '--use-kerberos=disabled --client-protection=encrypt',
150 for auth_option in auth_options:
151 options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
152 plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
153 env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
154 options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
155 plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
156 env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
158 for options in ['-U"$USERNAME%$PASSWORD"']:
159 plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
160 "%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options))
162 for t in smbtorture4_testsuites("ldap."):
163 if t == "ldap.nested-search":
164 plansmbtorture4testsuite(t, "ad_dc_default_smb1", '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_')
165 elif t == "ldap.session-expiry":
166 # This requires kerberos and thus the server name
167 plansmbtorture4testsuite(
168 t, "ad_dc_default", '-U"$USERNAME%$PASSWORD" //$DC_SERVER/_none_')
170 plansmbtorture4testsuite(
173 '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_ -D "$USERNAME"@"$REALM"##"$PASSWORD"')
175 for t in smbtorture4_testsuites("dsdb."):
176 plansmbtorture4testsuite(t, "ad_dc:local", "localhost")
178 ldbdir = os.path.join(srcdir(), "lib/ldb")
179 # Don't run LDB tests when using system ldb, as we won't have ldbtest installed
180 if os.path.exists(os.path.join(samba4bindir, "ldbtest")):
181 plantestsuite("ldb.base", "none", "%s/tests/test-tdb-subunit.sh %s" % (ldbdir, samba4bindir))
183 skiptestsuite("ldb.base", "Using system LDB, ldbtest not available")
185 plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)",
187 [python, os.path.join(DSDB_PYTEST_DIR, "attr_from_server.py"),
188 '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
192 # add tests to this list as they start passing, so we test
193 # that they stay passing
194 ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
195 ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
196 drs_rpc_tests = smbtorture4_testsuites("drs.rpc")
197 ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.drsuapi_w2k8", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests
198 slow_ncacn_np_tests = ["rpc.samlogon",
202 "rpc.samr.users.privileges",
203 "rpc.samr.passwords.default",
204 "rpc.samr.passwords.pwdlastset",
205 "rpc.samr.passwords.lockout",
206 "rpc.samr.passwords.badpwdcount"]
207 slow_ncacn_ip_tcp_tests = ["rpc.cracknames"]
209 all_rpc_tests = ncalrpc_tests + ncacn_np_tests + ncacn_ip_tcp_tests + slow_ncacn_np_tests + slow_ncacn_ip_tcp_tests + ["rpc.lsa.secrets", "rpc.pac", "rpc.samba3-sharesec", "rpc.countcalls"]
211 # Filter RPC tests that should not run against ad_dc_ntvfs
216 "rpc.fips.netlogon.crypto",
218 rpc_exclude = rpc_s3only + rpc_fipsonly
219 rpc_tests = [x for x in smbtorture4_testsuites("rpc.") if x not in rpc_exclude]
220 auto_rpc_tests = list(filter(lambda t: t not in all_rpc_tests, rpc_tests))
222 for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
223 for transport in ["ncalrpc", "ncacn_np", "ncacn_ip_tcp"]:
224 env = "ad_dc_default"
226 if transport == "ncalrpc":
227 tests = ncalrpc_tests
229 elif transport == "ncacn_np":
230 tests = ncacn_np_tests
231 elif transport == "ncacn_ip_tcp":
232 tests = ncacn_ip_tcp_tests
234 raise AssertionError("invalid transport %r" % transport)
236 if t == "rpc.netlogon":
238 elif t == "rpc.join":
239 env = "ad_dc_default_smb1"
240 plansmbtorture4testsuite(t, env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
241 plansmbtorture4testsuite('rpc.samba3-sharesec', env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:share=tmp'], "samba4.rpc.samba3.sharesec on %s with %s" % (transport, bindoptions))
243 # Plugin S4 DC tests (confirms named pipe auth forwarding). This can be expanded once kerberos is supported in the plugin DC
245 for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
246 for t in ncacn_np_tests:
248 transport = "ncacn_np"
249 if t in ["rpc.authcontext", "rpc.join"]:
251 plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
253 for bindoptions in [""] + validate_list + ["bigendian"]:
254 for t in auto_rpc_tests:
255 env = "ad_dc_default"
256 if t in ["rpc.srvsvc", "rpc.mgmt"]:
258 elif t == "rpc.join":
259 env = "ad_dc_default_smb1"
260 plansmbtorture4testsuite(t, env, ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
263 plansmbtorture4testsuite(t, "ad_dc_default:local", ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s" % t)
265 for transport in ["ncacn_np", "ncacn_ip_tcp"]:
266 env = "ad_dc_slowtests"
267 if transport == "ncacn_np":
268 tests = slow_ncacn_np_tests
269 elif transport == "ncacn_ip_tcp":
270 tests = slow_ncacn_ip_tcp_tests
272 raise AssertionError("Invalid transport %r" % transport)
275 if t == 'rpc.cracknames':
277 plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
279 # Tests for the DFS referral calls implementation
280 for t in smbtorture4_testsuites("dfs."):
281 plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
282 plansmbtorture4testsuite(t, "ad_dc_smb1", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
284 # Tests for the NET API (net.api.become.dc tested below against all the roles)
285 net_tests = list(filter(lambda x: "net.api.become.dc" not in x, smbtorture4_testsuites("net.")))
287 plansmbtorture4testsuite(t, "ad_dc_default", '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
289 # Tests for session keys and encryption of RPC pipes
290 # FIXME: Integrate these into a single smbtorture test
292 transport = "ncacn_np"
293 for env in ["ad_dc_default", "nt4_dc"]:
295 "-k no --option=clientusespnego=yes",
296 "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no",
297 "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes",
298 "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no",
299 "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
300 "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
301 "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes",
302 "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
303 "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
304 "-k no --option=clientusespnego=no --option=clientntlmv2auth=yes",
305 "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes",
306 "-k no --option=clientusespnego=no"]:
307 name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
308 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
309 plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient3, '$SMB_CONF_PATH', configuration])
311 gpo = smbtorture4_testsuites("gpo.")
313 plansmbtorture4testsuite(t, 'ad_dc:local', ['//$SERVER/sysvol', '-U$USERNAME%$PASSWORD'])
315 transports = ["ncacn_np", "ncacn_ip_tcp"]
317 # Kerberos varies between functional levels, so it is important to check this on all of them
318 for env in all_fl_envs:
319 transport = "ncacn_np"
320 plansmbtorture4testsuite('rpc.pac', env, ["%s:$SERVER[]" % (transport, ), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.pac on %s" % (transport,))
321 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME', 'rpc.lsa.secrets'], "samba4.rpc.lsa.secrets on %s with Kerberos" % (transport,))
322 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use target principal" % (transport,))
323 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=dcom/$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dcom" % (transport,))
324 plansmbtorture4testsuite('rpc.lsa.secrets', env, [r"%s:$SERVER[target_principal=$NETBIOSNAME\$]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dollar" % (transport,))
325 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal" % (transport,))
326 plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login" % transport)
327 plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME', '--option=gensec_krb5:send_authenticator_checksum=false'], "samba4.rpc.lsa.secrets on %s with Kerberos - use raw-krb5-no-authenticator-checksum style login" % transport)
328 plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:fake_gssapi_krb5=yes', '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login, use target principal" % transport)
330 # Winreg tests test bulk Kerberos encryption of DCE/RPC
331 # We test rpc.winreg here too, because the winreg interface if
332 # handled by the source3/rpc_server code.
333 for bindoptions in ["connect", "packet", "krb5", "krb5,packet", "krb5,sign", "krb5,seal", "spnego", "spnego,packet", "spnego,sign", "spnego,seal"]:
334 plansmbtorture4testsuite('rpc.winreg', env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.winreg on %s with %s" % (transport, bindoptions))
336 for transport in transports:
337 plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[]" % (transport,), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s" % (transport, ))
339 # Echo tests test bulk Kerberos encryption of DCE/RPC
340 for bindoptions in ["connect", "krb5", "krb5,sign", "krb5,seal", "spnego", "spnego,sign", "spnego,seal"] + validate_list + ["padcheck", "bigendian", "bigendian,seal"]:
341 echooptions = "--option=socket:testnonblock=True --option=torture:quick=yes -k yes"
342 plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), echooptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, echooptions))
344 for env in ["fl2000dc", "fl2008r2dc"]:
345 plansmbtorture4testsuite("net.api.become.dc", env, '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
347 for bindoptions in ["sign", "seal"]:
348 plansmbtorture4testsuite('rpc.backupkey', "ad_dc_default", ["ncacn_np:$SERVER[%s]" % (bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.backupkey with %s" % (bindoptions))
350 for transport in transports:
351 for bindoptions in ["sign", "seal"]:
353 "--option=ntlmssp_client:ntlm2=yes --option=torture:quick=yes",
354 "--option=ntlmssp_client:ntlm2=no --option=torture:quick=yes",
355 "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
356 "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
357 "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
358 "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
359 "--option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
360 "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes --option=torture:quick=yes",
361 "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes"]:
362 if transport == "ncalrpc":
363 env = "ad_dc_default:local"
365 env = "ad_dc_default"
366 plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, ntlmoptions))
368 plansmbtorture4testsuite('rpc.echo', "ad_dc_default", ['ncacn_np:$SERVER[smb2]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on ncacn_np over smb2")
369 for env in ["ad_dc", "nt4_dc"]:
370 plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_np:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_np with object")
371 plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_ip_tcp:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_ip_tcp with object")
373 plansmbtorture4testsuite('ntp.signd', "ad_dc_default:local", ['ncacn_np:$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.ntp.signd")
375 nbt_tests = smbtorture4_testsuites("nbt.")
377 plansmbtorture4testsuite(t, "ad_dc_ntvfs", "//$SERVER/_none_ -U\"$USERNAME%$PASSWORD\"")
379 # Tests against the NTVFS POSIX backend
380 ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"]
382 # Filter smb2 tests that should not run against ad_dc_ntvfs
384 "smb2.change_notify_disabled",
387 "smb2.kernel-oplocks",
388 "smb2.durable-v2-delay",
392 "smb2.async_dosmode",
395 "smb2.create_no_streams",
397 smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only]
399 # The QFILEINFO-IPC test needs to be on ipc$
400 raw = list(filter(lambda x: "raw.qfileinfo.ipc" not in x, smbtorture4_testsuites("raw.")))
401 base = smbtorture4_testsuites("base.")
403 netapi = smbtorture4_testsuites("netapi.")
405 for t in base + raw + smb2 + netapi:
406 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$SERVER/tmp', '-U$USERNAME%$PASSWORD'] + ntvfsargs)
408 libsmbclient = smbtorture4_testsuites("libsmbclient.")
409 protocols = [ 'NT1', 'SMB3' ]
410 for t in libsmbclient:
411 url = "smb://$USERNAME:$PASSWORD@$SERVER/tmp"
412 if t == "libsmbclient.list_shares":
413 url = "smb://$USERNAME:$PASSWORD@$SERVER"
414 if t == "libsmbclient.utimes":
417 libsmbclient_testargs = [
419 '-U$USERNAME%$PASSWORD',
420 "--option=torture:smburl=" + url,
421 "--option=torture:replace_smbconf="
422 "%s/testdata/samba3/smb_new.conf" % srcdir()
425 for proto in protocols:
426 plansmbtorture4testsuite(
428 "nt4_dc" if proto == "SMB3" else "nt4_dc_smb1_done",
429 libsmbclient_testargs +
430 [ "--option=torture:clientprotocol=%s" % proto],
431 "samba4.%s.%s" % (t, proto))
433 url = "smb://baduser:invalidpw@$SERVER/tmpguest"
434 t = "libsmbclient.noanon_list"
435 libsmbclient_testargs = [
436 '//$SERVER/tmpguest',
437 '-U$USERNAME%$PASSWORD',
438 "--option=torture:smburl=" + url,
439 "--option=torture:replace_smbconf="
440 "%s/testdata/samba3/smb_new.conf" % srcdir()
442 for proto in protocols:
443 plansmbtorture4testsuite(t,
445 libsmbclient_testargs +
446 [ "--option=torture:clientprotocol=%s" % proto],
447 "samba4.%s.baduser.%s" % (t, proto))
449 plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
451 for t in smbtorture4_testsuites("rap."):
452 plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/IPC\$ -U$USERNAME%$PASSWORD')
454 # Tests against the NTVFS CIFS backend
456 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=yes'] + ntvfsargs, modname="samba4.ntvfs.cifs.krb5.%s" % t)
458 # Test NTVFS CIFS backend with S4U2Self and S4U2Proxy
460 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
461 plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=yes'] + ntvfsargs, "samba4.ntvfs.cifs.krb5.%s" % t)
462 plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
464 plansmbtorture4testsuite('echo.udp', 'ad_dc_ntvfs:local', '//$SERVER/whatever')
467 for t in smbtorture4_testsuites("local."):
468 # The local.resolve test needs a name to look up using real system (not emulated) name routines
469 plansmbtorture4testsuite(t, "none", "ncalrpc:localhost")
471 # Confirm these tests with the system iconv too
472 for t in ["local.convert_string_handle", "local.convert_string", "local.ndr"]:
473 options = "ncalrpc: --option='iconv:use_builtin_handlers=false'"
474 plansmbtorture4testsuite(t, "none", options,
475 modname="samba4.%s.system.iconv" % t)
477 tdbtorture4 = binpath("tdbtorture")
478 if os.path.exists(tdbtorture4):
479 plantestsuite("tdb.stress", "none", valgrindify(tdbtorture4))
481 skiptestsuite("tdb.stress", "Using system TDB, tdbtorture not available")
483 plansmbtorture4testsuite("drs.unit", "none", "ncalrpc:")
486 for f in sorted(os.listdir(os.path.join(samba4srcdir, "../pidl/tests"))):
487 if f.endswith(".pl"):
488 planperltestsuite("pidl.%s" % f[:-3], os.path.normpath(os.path.join(samba4srcdir, "../pidl/tests", f)))
491 plantestsuite_loadlist("samba.tests.dns", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
492 plantestsuite_loadlist("samba.tests.dns", "rodc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
493 plantestsuite_loadlist("samba.tests.dns", "vampire_dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
495 plantestsuite_loadlist("samba.tests.dns_aging", "fl2003dc:local",
497 f"{srcdir()}/python/samba/tests/dns_aging.py",
501 '-U"$USERNAME%$PASSWORD"',
502 '--workgroup=$DOMAIN',
503 '$LOADLIST', '$LISTOPT'])
505 plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns_forwarder.py"), '$SERVER', '$SERVER_IP', '$DNS_FORWARDER1', '$DNS_FORWARDER2', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
507 plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
508 plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
510 plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
512 plantestsuite_loadlist("samba.tests.dns_packet",
515 '-msamba.subunit.run',
518 "samba.tests.dns_packet"
521 plantestsuite_loadlist("samba.tests.sddl",
524 '-msamba.subunit.run',
530 for t in smbtorture4_testsuites("dns_internal."):
531 plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever')
534 for t in smbtorture4_testsuites("dlz_bind9."):
535 # The dlz_bind9 tests needs to look at the DNS database
536 plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD'])
538 planpythontestsuite("fileserver_smb1", "samba.tests.libsmb-basic")
540 planpythontestsuite("ad_member", "samba.tests.smb-notify",
541 environ={'USERNAME':'$DC_USERNAME',
542 'PASSWORD':'$DC_PASSWORD',
543 'USERNAME_UNPRIV':'alice',
544 'PASSWORD_UNPRIV':'Secret007',
545 'STRICT_CHECKING':'0',
546 'NOTIFY_SHARE':'notify_priv'})
549 # tests that interact directly with the command-line tools rather than using
550 # the API. These mainly test that the various command-line options of commands
553 # smbtorture --fullname parameter test
554 plantestsuite("samba4.blackbox.smbtorture_subunit_names", "none",
556 os.path.join(bbdir, "test_smbtorture_test_names.sh"),
560 for env in ["ad_member", "ad_dc_ntvfs", "chgdcpass"]:
561 plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])
563 plantestsuite("samba4.blackbox.samba_tool(ad_dc_default:local)", "ad_dc_default:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient3])
564 plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN'])
566 plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
568 plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS'])
570 if have_heimdal_support:
571 plantestsuite("samba4.blackbox.kinit",
574 os.path.join(bbdir, "test_kinit_heimdal.sh"),
581 "aes256-cts-hmac-sha1-96",
585 plantestsuite("samba4.blackbox.kinit",
588 os.path.join(bbdir, "test_kinit_heimdal.sh"),
599 plantestsuite("samba4.blackbox.kinit",
602 os.path.join(bbdir, "test_kinit_heimdal.sh"),
609 "aes256-cts-hmac-sha1-96",
613 plantestsuite("samba4.blackbox.kinit_trust",
616 os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"),
629 "aes256-cts-hmac-sha1-96"
631 plantestsuite("samba4.blackbox.kinit_trust",
634 os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"),
649 plantestsuite("samba4.blackbox.kinit_trust",
652 os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"),
667 plantestsuite("samba4.blackbox.export.keytab",
670 os.path.join(bbdir, "test_export_keytab_heimdal.sh"),
679 plantestsuite("samba4.blackbox.kpasswd",
682 os.path.join(bbdir, "test_kpasswd_heimdal.sh"),
690 plantestsuite("samba4.blackbox.krb5.s4u",
693 os.path.join(bbdir, "test_s4u_heimdal.sh"),
708 plantestsuite("samba4.blackbox.kinit",
711 os.path.join(bbdir, "test_kinit_mit.sh"),
721 plantestsuite("samba4.blackbox.kinit",
724 os.path.join(bbdir, "test_kinit_mit.sh"),
734 plantestsuite("samba4.blackbox.kinit",
737 os.path.join(bbdir, "test_kinit_mit.sh"),
747 plantestsuite("samba4.blackbox.kinit_trust",
750 os.path.join(bbdir, "test_kinit_trusts_mit.sh"),
764 plantestsuite("samba4.blackbox.kinit_trust",
767 os.path.join(bbdir, "test_kinit_trusts_mit.sh"),
781 plantestsuite("samba4.blackbox.kinit_trust",
784 os.path.join(bbdir, "test_kinit_trusts_mit.sh"),
798 plantestsuite("samba4.blackbox.export.keytab",
801 os.path.join(bbdir, "test_export_keytab_mit.sh"),
810 plantestsuite("samba4.blackbox.kpasswd",
813 os.path.join(bbdir, "test_kpasswd_mit.sh"),
822 plantestsuite("samba4.blackbox.pkinit_simple",
824 [os.path.join(bbdir, "test_pkinit_simple.sh"),
833 plantestsuite("samba4.blackbox.pkinit_pac",
835 [os.path.join(bbdir, "test_pkinit_pac.sh"),
844 plantestsuite("samba.blackbox.client_kerberos", "ad_dc", [os.path.join(bbdir, "test_client_kerberos.sh"), '$DOMAIN', '$REALM', '$USERNAME', '$PASSWORD', '$SERVER', '$PREFIX_ABS', '$SMB_CONF_PATH'])
846 env="ad_member:local"
847 plantestsuite("samba.blackbox.rpcclient_schannel",
849 [os.path.join(bbdir, "test_rpcclient_schannel.sh"),
858 env="ad_member_fips:local"
859 plantestsuite("samba.blackbox.rpcclient_schannel",
861 [os.path.join(bbdir, "test_rpcclient_schannel.sh"),
870 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
871 'OPENSSL_FORCE_FIPS_MODE': '1'})
873 plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE'])
874 plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
875 plantestsuite("samba4.blackbox.trust_ntlm", "fl2000dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
876 plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
877 plantestsuite("samba4.blackbox.trust_ntlm", "nt4_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$DOMAIN', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
879 plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
880 plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
881 plantestsuite("samba4.blackbox.trust_utils(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
882 plantestsuite("samba4.blackbox.trust_token", "fl2008r2dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'forest'])
883 plantestsuite("samba4.blackbox.trust_token", "fl2003dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
884 plantestsuite("samba4.blackbox.trust_token", "fl2000dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
885 plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs'])
886 plantestsuite("samba4.blackbox.password_settings(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_password_settings.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
887 plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN'])
888 plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
889 plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4])
890 plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
891 plantestsuite("samba4.blackbox.masktest", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
892 plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
893 plantestsuite("samba4.blackbox.rfc2307_mapping(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
894 plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', r"CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3])
895 plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
896 plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
897 plantestsuite("samba4.blackbox.net_offlinejoin", "ad_dc:client", [os.path.join(bbdir, "test_net_offline.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
898 plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'all', '17_18_23'])
899 plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
900 plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
901 plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
902 plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID'])
904 env = "ad_member:local"
905 plantestsuite("samba4.blackbox.net_ads_search_server_P.primary", env,
906 [os.path.join(bbdir, "test_net_ads_search_server.sh"),
907 '$DC_SERVER', '$REALM'])
908 plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_e_both", env,
909 [os.path.join(bbdir, "test_net_ads_search_server.sh"),
910 '$TRUST_E_BOTH_SERVER', '$TRUST_E_BOTH_REALM'])
911 plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_f_both", env,
912 [os.path.join(bbdir, "test_net_ads_search_server.sh"),
913 '$TRUST_F_BOTH_SERVER', '$TRUST_F_BOTH_REALM'])
915 if have_gnutls_fips_mode_support:
916 plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"])
917 plantestsuite("samba4.blackbox.test_weak_disable_ntlmssp_ldap", "ad_member:local", [os.path.join(bbdir, "test_weak_disable_ntlmssp_ldap.sh"),'$DC_USERNAME', '$DC_PASSWORD'])
919 for env in ["ad_dc_fips", "ad_member_fips"]:
920 plantestsuite("samba4.blackbox.weak_crypto.server",
922 [os.path.join(bbdir, "test_weak_crypto_server.sh"),
928 "$PREFIX/ad_dc_fips",
930 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
931 'OPENSSL_FORCE_FIPS_MODE': '1'})
933 plantestsuite("samba4.blackbox.net_ads_fips",
935 [os.path.join(bbdir, "test_net_ads_fips.sh"),
940 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
941 'OPENSSL_FORCE_FIPS_MODE': '1'})
943 t = "--krb5auth=$DOMAIN/$DC_USERNAME%$DC_PASSWORD"
944 plantestsuite("samba3.wbinfo_simple.fips.%s" % t,
945 "ad_member_fips:local",
946 [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t],
947 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
948 'OPENSSL_FORCE_FIPS_MODE': '1'})
949 plantestsuite("samba4.wbinfo_name_lookup.fips",
951 [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_name_lookup.sh"),
955 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
956 'OPENSSL_FORCE_FIPS_MODE': '1'})
958 plansmbtorture4testsuite('rpc.fips.netlogon.crypto',
960 ['ncacn_np:$SERVER[krb5]',
961 '-U$USERNAME%$PASSWORD',
962 '--workgroup=$DOMAIN',
963 '--client-protection=encrypt'],
964 'samba4.rpc.fips.netlogon.crypto',
965 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
966 'OPENSSL_FORCE_FIPS_MODE': '1'})
968 plansmbtorture4testsuite('rpc.echo', "ad_dc_ntvfs", ['ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD'], "samba4.rpc.echo against NetBIOS alias")
970 # Test wbinfo trust auth
971 for env in ["ad_member_oneway:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
972 for t in ["--krb5auth=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD",
973 "--krb5auth=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD",
974 "--authenticate=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD",
975 "--authenticate=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD"]:
976 plantestsuite("samba3.wbinfo_simple.trust:%s" % t, env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
978 # json tests hook into ``chgdcpass'' to make them run in contributor CI on
980 planpythontestsuite("chgdcpass", "samba.tests.blackbox.netads_json")
982 # Tests using the "Simple" NTVFS backend
983 for t in ["base.rw1"]:
984 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ["//$SERVER/simple", '-U$USERNAME%$PASSWORD'], modname="samba4.ntvfs.simple.%s" % t)
986 # Domain S4member Tests
987 plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.echo against s4member server with local creds")
988 plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], "samba4.rpc.echo against s4member server with domain creds")
989 plansmbtorture4testsuite('rpc.samr', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr against s4member server with local creds")
990 plansmbtorture4testsuite('rpc.samr.users', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr.users against s4member server with local creds",)
991 plansmbtorture4testsuite('rpc.samr.passwords.default',
993 ['ncacn_np:$NETBIOSNAME',
994 '-U$NETBIOSNAME/$USERNAME%$PASSWORD'],
995 "samba4.rpc.samr.passwords.default against s4member server with local creds")
996 plantestsuite("samba4.blackbox.smbclient against s4member server with local creds", "s4member", [os.path.join(samba4srcdir, "client/tests/test_smbclient.sh"), '$NETBIOSNAME', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX', smbclient4])
999 plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], modname="samba4.rpc.echo against rpc proxy with domain creds")
1004 "-k no --option=clientusespnego=no",
1005 "-k no --option=gensec:spengo=no",
1007 "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
1008 for signing in ["--option=clientsigning=desired", "--option=clientsigning=required"]:
1009 signoptions = "%s %s" % (mech, signing)
1010 name = "smb.signing on with %s" % signoptions
1011 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], modname="samba4.%s" % name)
1015 "-k no --option=clientusespnego=no",
1016 "-k no --option=gensec:spengo=no",
1018 signoptions = "%s --client-protection=off" % mech
1019 name = "smb.signing disabled on with %s" % signoptions
1020 plansmbtorture4testsuite('base.xcopy', "ad_member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
1021 plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], "samba4.%s" % name)
1022 plansmbtorture4testsuite('base.xcopy', "ad_dc",
1023 ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name)
1025 plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient3])
1028 "-k no --option=clientusespnego=no",
1029 "-k no --option=gensec:spengo=no"]:
1030 signoptions = "%s --client-protection=off" % mech
1031 plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)
1033 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=desired', '-U%'], modname="samba4.smb.signing --option=clientsigning=desired anon")
1034 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=required', '-U%'], modname="samba4.smb.signing --option=clientsigning=required anon")
1035 plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=disabled', '-U%'], modname="samba4.smb.signing --option=clientsigning=disabled anon")
1037 # Test SPNEGO without issuing an optimistic token
1038 opt='--option=spnego:client_no_optimistic=yes'
1039 plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'no'], modname="samba4.smb.spnego.ntlmssp.no_optimistic")
1040 plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'yes'], modname="samba4.smb.spnego.krb5.no_optimistic")
1042 wb_opts_default = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=1\"", "--option=\"torture:winbindd_separator=/\"", "--option=\"torture:winbindd_netbios_name=$SERVER\"", "--option=\"torture:winbindd_netbios_domain=$DOMAIN\""]
1044 winbind_ad_client_tests = smbtorture4_testsuites("winbind.struct") + smbtorture4_testsuites("winbind.pac")
1045 winbind_wbclient_tests = smbtorture4_testsuites("winbind.wbclient")
1046 for env in ["ad_dc", "ad_member", "nt4_member"]:
1047 wb_opts = wb_opts_default[:]
1048 if env in ["ad_member"]:
1049 wb_opts += ["--option=\"torture:winbindd_domain_without_prefix=$DOMAIN\""]
1050 for t in winbind_ad_client_tests:
1051 plansmbtorture4testsuite(t, "%s:local" % env, wb_opts + ['//$SERVER/tmp', '--realm=$REALM', '--machine-pass', '--option=torture:addc=$DC_SERVER'])
1053 for env in ["nt4_dc", "fl2003dc"]:
1054 for t in winbind_wbclient_tests:
1055 plansmbtorture4testsuite(t, "%s:local" % env, '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
1057 for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "chgdcpass", "rodc"]:
1058 tests = ["--ping", "--separator",
1061 "--trusted-domains",
1062 "--domain-info=BUILTIN",
1063 "--domain-info=$DOMAIN",
1065 "--online-status --domain=BUILTIN",
1066 "--online-status --domain=$DOMAIN",
1067 "--check-secret --domain=$DOMAIN",
1068 "--change-secret --domain=$DOMAIN",
1069 "--check-secret --domain=$DOMAIN",
1070 "--online-status --domain=$DOMAIN",
1073 "--name-to-sid=$DC_USERNAME",
1074 "--name-to-sid=$DOMAIN/$DC_USERNAME",
1075 "--user-info=$DOMAIN/$DC_USERNAME",
1076 "--user-groups=$DOMAIN/$DC_USERNAME",
1077 "--authenticate=$DOMAIN/$DC_USERNAME%$DC_PASSWORD",
1082 plantestsuite("samba.wbinfo_simple.%s" % (t.replace(" --", ".").replace("--", "")), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
1085 "samba.wbinfo_sids2xids.(%s:local)" % env, "%s:local" % env,
1086 [os.path.join(samba3srcdir, "script/tests/test_wbinfo_sids2xids.sh")])
1088 planpythontestsuite(env + ":local", "samba.tests.ntlm_auth")
1090 for env in ["ktest"]:
1091 planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5")
1093 for env in ["s4member_dflt_domain", "s4member"]:
1094 for cmd in ["id", "getent"]:
1095 users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"]
1096 if env == "s4member":
1097 users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"]
1099 plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir, cmd, usr))
1101 nsstest4 = binpath("nsstest")
1102 for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]:
1103 if os.path.exists(nsstest4):
1104 plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "plugins/libnss_wrapper_winbind.so.2")])
1106 skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available")
1108 subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
1111 def planoldpythontestsuite(env, module, name=None, extra_path=None, environ=None, extra_args=None):
1112 if extra_path is None:
1116 if extra_args is None:
1118 environ = dict(environ)
1119 py_path = list(extra_path)
1121 environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
1122 args = ["%s=%s" % item for item in environ.items()]
1123 args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
1127 plantestsuite_loadlist(name, env, args)
1129 if have_gnutls_fips_mode_support:
1130 planoldpythontestsuite("ad_dc",
1131 "samba.tests.dcerpc.createtrustrelax",
1132 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
1133 'OPENSSL_FORCE_FIPS_MODE': '1'})
1134 planoldpythontestsuite("ad_dc_fips",
1135 "samba.tests.dcerpc.createtrustrelax",
1136 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
1137 'OPENSSL_FORCE_FIPS_MODE': '1'})
1139 # Run complex search expressions test once for each database backend.
1140 # Right now ad_dc has mdb and ad_dc_ntvfs has tdb
1141 mdb_testenv = "ad_dc"
1142 tdb_testenv = "ad_dc_ntvfs"
1143 for testenv in [mdb_testenv, tdb_testenv]:
1144 planoldpythontestsuite(testenv, "samba.tests.complex_expressions", extra_args=['-U"$USERNAME%$PASSWORD"'])
1146 planoldpythontestsuite("ad_dc_default:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'])
1147 planoldpythontestsuite("none", "simple", extra_path=["%s/lib/tdb/python/tests" % srcdir()], name="tdb.python")
1148 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.sam")
1149 planpythontestsuite("ad_dc_default:local", "samba.tests.dsdb")
1150 planpythontestsuite("none", "samba.tests.dsdb_lock")
1151 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.bare")
1152 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.lsa")
1153 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.unix")
1154 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc")
1155 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.timecmd")
1156 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.join")
1157 planpythontestsuite("ad_member_s3_join", "samba.tests.samba_tool.join_member")
1158 planpythontestsuite("ad_dc_default",
1159 "samba.tests.samba_tool.join_lmdb_size")
1160 planpythontestsuite("ad_dc_default",
1161 "samba.tests.samba_tool.drs_clone_dc_data_lmdb_size")
1162 planpythontestsuite("ad_dc_default",
1163 "samba.tests.samba_tool.promote_dc_lmdb_size")
1165 planpythontestsuite("none", "samba.tests.samba_tool.visualize")
1169 for env in all_fl_envs:
1170 planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo")
1172 # test samba-tool user, group, contact and computer edit command
1173 for env in all_fl_envs:
1175 plantestsuite("samba.tests.samba_tool.user_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/user_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
1176 plantestsuite("samba.tests.samba_tool.group_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/group_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
1177 plantestsuite("samba.tests.samba_tool.contact_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/contact_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
1178 plantestsuite("samba.tests.samba_tool.computer_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/computer_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
1180 # We run this test against both AD DC implementations because it is
1181 # the only test we have of GPO get/set behaviour, and this involves
1182 # the file server as well as the LDAP server.
1183 # It's also a good sanity-check that sysvol backup worked correctly.
1184 for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
1185 smbv1_disabled_testenv]:
1186 planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo")
1187 for env in ["ad_dc_ntvfs", "ad_dc"]:
1188 planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo_exts")
1190 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes")
1192 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user")
1193 for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]:
1194 planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest")
1195 for env, nt_hash in [("ad_dc:local", True),
1196 ("ad_dc_no_ntlm:local", False)]:
1197 planpythontestsuite(env, "samba.tests.samba_tool.user",
1198 environ={"EXPECT_NT_HASH": int(nt_hash)})
1199 planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_userPassword")
1200 planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_gpg")
1201 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script")
1203 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.group")
1204 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.ou")
1205 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.computer")
1206 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.contact")
1207 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.forest")
1208 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.schema")
1209 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.claim")
1210 planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema")
1211 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl")
1212 planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check")
1213 planpythontestsuite("none", "samba.tests.samba_tool.provision_lmdb_size")
1214 planpythontestsuite("none", "samba.tests.samba_tool.provision_userPassword_crypt")
1215 planpythontestsuite("none", "samba.tests.samba_tool.help")
1216 # Make sure samba-tool can execute without import failures when run
1217 # without the ad-dc built. The fileserver test environment runs against
1218 # the samba-h5l-build autobuild. This build was chosen because it's
1219 # configured with --without-ad-dc and does not disable ads, which is
1220 # required to run some samba-tool commands.
1221 planpythontestsuite("fileserver", "samba.tests.samba_tool.help")
1223 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.passwordsettings")
1224 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.dsacl")
1226 planpythontestsuite("none", "samba.tests.samba_upgradedns_lmdb")
1228 # Run these against chgdcpass to share the runtime load
1229 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.sites")
1230 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.dnscmd")
1232 # Run this against chgdcpass to ensure at least one python3 test
1233 # against this autobuild target (samba-ad-dc-2)
1234 planpythontestsuite("chgdcpass:local", "samba.tests.dcerpc.rpcecho")
1236 planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAME%$PASSWORD"'])
1237 test_bin = os.path.abspath(os.path.join(os.getenv('BINDIR', './bin'), '../python/samba/tests/bin'))
1238 planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNAME%$PASSWORD"'],
1239 environ={'PATH':':'.join([test_bin, os.getenv('PATH', '')])})
1240 planoldpythontestsuite("ad_member", "samba.tests.gpo_member", extra_args=['-U"$USERNAME%$PASSWORD"'])
1241 planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"'])
1243 planoldpythontestsuite("ad_dc", "samba.tests.sid_strings")
1245 # Run the import test in environments that may not have the ad-dc built
1246 for env in ['fileserver_smb1', 'nt4_member', 'clusteredmember', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel']:
1247 planoldpythontestsuite(env, "samba.tests.imports")
1249 have_fast_support = 1
1251 compound_id_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
1252 if ('SAMBA4_USES_HEIMDAL' in config_hash or
1253 'HAVE_MIT_KRB5_1_20' in config_hash):
1258 if 'SAMBA4_USES_HEIMDAL' in config_hash:
1259 full_sig_support = 1
1261 full_sig_support = 0
1263 gnutls_pbkdf2_support = int('HAVE_GNUTLS_PBKDF2' in config_hash)
1265 if 'HAVE_MIT_KRB5_1_20' in config_hash:
1270 expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
1271 extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
1272 check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash)
1273 check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash)
1275 'SERVICE_USERNAME': '$SERVER',
1276 'ADMIN_USERNAME': '$DC_USERNAME',
1277 'ADMIN_PASSWORD': '$DC_PASSWORD',
1279 'FOR_USER': '$DC_USERNAME',
1280 'STRICT_CHECKING':'0',
1281 'FAST_SUPPORT': have_fast_support,
1282 'CLAIMS_SUPPORT': claims_support,
1283 'COMPOUND_ID_SUPPORT': compound_id_support,
1284 'TKT_SIG_SUPPORT': tkt_sig_support,
1285 'FULL_SIG_SUPPORT': full_sig_support,
1286 'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support,
1287 'EXPECT_PAC': expect_pac,
1288 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
1289 'CHECK_CNAME': check_cname,
1290 'CHECK_PADATA': check_padata,
1291 'KADMIN_IS_TGS': kadmin_is_tgs,
1293 planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
1294 planoldpythontestsuite("none", "samba.tests.krb5.claims_in_pac")
1295 planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
1296 environ=krb5_environ)
1297 for env, fast_support in [("ad_dc_default:local", True),
1298 ("fl2003dc:local", False)]:
1299 planoldpythontestsuite(env, "samba.tests.krb5.s4u_tests",
1302 'FAST_SUPPORT': int(have_fast_support and fast_support),
1304 planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
1305 environ=krb5_environ)
1307 planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns")
1309 planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests",
1310 environ=krb5_environ)
1312 planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
1313 environ=krb5_environ)
1314 planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
1315 environ=krb5_environ)
1316 for env in ['ad_dc_default', 'ad_member']:
1317 planoldpythontestsuite(env, "samba.tests.krb5.test_rpc",
1318 environ=krb5_environ)
1319 planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
1320 environ=krb5_environ)
1321 planoldpythontestsuite("ad_member_idmap_nss:local",
1322 "samba.tests.krb5.test_min_domain_uid",
1323 environ=krb5_environ)
1324 planoldpythontestsuite("ad_member_idmap_nss:local",
1325 "samba.tests.krb5.test_idmap_nss",
1328 'MAPPED_USERNAME': 'bob',
1329 'MAPPED_PASSWORD': 'Secret007',
1330 'UNMAPPED_USERNAME': 'jane',
1331 'UNMAPPED_PASSWORD': 'Secret007',
1332 'INVALID_USERNAME': 'joe',
1333 'INVALID_PASSWORD': 'Secret007',
1336 for env in ["ad_dc", smbv1_disabled_testenv]:
1337 planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'])
1338 planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
1339 extra_args=['-U"$USERNAME%$PASSWORD"'])
1341 planoldpythontestsuite(
1342 "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
1343 extra_args=['-U"$USERNAME%$PASSWORD"'])
1345 planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'])
1346 planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'])
1348 for env in ["chgdcpass", "ad_member"]:
1349 planoldpythontestsuite(env, "samba.tests.dcerpc.raw_protocol",
1350 environ={"MAX_NUM_AUTH": "8",
1351 "USERNAME": "$DC_USERNAME",
1352 "PASSWORD": "$DC_PASSWORD"})
1354 if have_heimdal_support:
1355 planoldpythontestsuite("ad_dc_smb1:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
1356 environ={'CLIENT_IP': '10.53.57.11',
1357 'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
1358 planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
1359 environ={'CLIENT_IP': '10.53.57.11',
1360 'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
1361 planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change",
1362 extra_args=['-U"$USERNAME%$PASSWORD"'],
1363 environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
1364 planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change",
1365 extra_args=['-U"$USERNAME%$PASSWORD"'],
1366 environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
1368 # these tests use a NCA local RPC connection, so always run on the
1369 # :local testenv, and so don't need to fake a client connection
1370 for env in ["ad_dc_ntvfs:local", "ad_dc:local"]:
1371 planoldpythontestsuite(env, "samba.tests.auth_log_ncalrpc", extra_args=['-U"$USERNAME%$PASSWORD"'])
1372 planoldpythontestsuite(env, "samba.tests.auth_log_samlogon",
1373 extra_args=['-U"$USERNAME%$PASSWORD"'])
1374 planoldpythontestsuite(env, "samba.tests.auth_log_netlogon",
1375 extra_args=['-U"$USERNAME%$PASSWORD"'])
1376 planoldpythontestsuite(env, "samba.tests.auth_log_netlogon_bad_creds",
1377 extra_args=['-U"$USERNAME%$PASSWORD"'])
1379 planoldpythontestsuite("ad_member:local",
1380 "samba.tests.auth_log_winbind",
1381 extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"'])
1382 planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change",
1383 extra_args=['-U"$USERNAME%$PASSWORD"'],
1384 environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
1385 planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb",
1386 extra_args=['-U"$USERNAME%$PASSWORD"'])
1387 planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
1388 extra_args=['-U"$USERNAME%$PASSWORD"'])
1390 planoldpythontestsuite("fl2008r2dc:local",
1391 "samba.tests.getdcname",
1392 extra_args=['-U"$USERNAME%$PASSWORD"'])
1394 planoldpythontestsuite("ad_dc_smb1",
1395 "samba.tests.net_join_no_spnego",
1396 extra_args=['-U"$USERNAME%$PASSWORD"'])
1397 planoldpythontestsuite("ad_dc",
1398 "samba.tests.net_join",
1399 extra_args=['-U"$USERNAME%$PASSWORD"'])
1400 planoldpythontestsuite("ad_dc",
1401 "samba.tests.s3_net_join",
1402 extra_args=['-U"$USERNAME%$PASSWORD"'])
1403 planoldpythontestsuite("ad_dc",
1404 "samba.tests.segfault",
1405 extra_args=['-U"$USERNAME%$PASSWORD"'])
1406 # Need to test the password hashing in multiple environments to ensure that
1407 # all the possible options are covered
1409 # ad_dc:local functional_level >= 2008, gpg keys available
1410 planoldpythontestsuite("ad_dc:local",
1411 "samba.tests.password_hash_gpgme",
1412 extra_args=['-U"$USERNAME%$PASSWORD"'])
1413 # ad_dc_ntvfs:local functional level >= 2008, gpg keys not available
1414 planoldpythontestsuite("ad_dc_ntvfs:local",
1415 "samba.tests.password_hash_fl2008",
1416 extra_args=['-U"$USERNAME%$PASSWORD"'])
1417 # fl2003dc:local functional level < 2008, gpg keys not available
1418 planoldpythontestsuite("fl2003dc:local",
1419 "samba.tests.password_hash_fl2003",
1420 extra_args=['-U"$USERNAME%$PASSWORD"'])
1421 # ad_dc: wDigest values over ldap
1422 planoldpythontestsuite("ad_dc",
1423 "samba.tests.password_hash_ldap",
1424 extra_args=['-U"$USERNAME%$PASSWORD"'])
1426 for env in ["ad_dc_backup", smbv1_disabled_testenv]:
1427 planoldpythontestsuite(env + ":local", "samba.tests.domain_backup",
1428 extra_args=['-U"$USERNAME%$PASSWORD"'])
1430 planoldpythontestsuite("ad_dc",
1431 "samba.tests.domain_backup_offline")
1433 # ensure default provision (ad_dc) and join (vampire_dc)
1434 # encrypt secret values on disk.
1435 planoldpythontestsuite("ad_dc:local",
1436 "samba.tests.encrypted_secrets",
1437 extra_args=['-U"$USERNAME%$PASSWORD"'])
1438 planoldpythontestsuite("vampire_dc:local",
1439 "samba.tests.encrypted_secrets",
1440 extra_args=['-U"$USERNAME%$PASSWORD"'])
1441 # The fl2000dc environment is provisioned with the --plaintext_secrets option
1442 # so this test will fail, which proves the secrets are not being encrypted.
1443 # There is an entry in known_fail.d.
1444 planoldpythontestsuite("fl2000dc:local",
1445 "samba.tests.encrypted_secrets",
1446 extra_args=['-U"$USERNAME%$PASSWORD"'])
1448 planpythontestsuite("none",
1449 "samba.tests.lsa_string")
1451 planoldpythontestsuite("ad_dc_ntvfs",
1452 "samba.tests.krb5_credentials",
1453 extra_args=['-U"$USERNAME%$PASSWORD"'])
1455 for env in ["ad_dc_ntvfs", "vampire_dc", "promoted_dc"]:
1456 planoldpythontestsuite(env,
1457 "samba.tests.py_credentials",
1458 extra_args=['-U"$USERNAME%$PASSWORD"'])
1459 planoldpythontestsuite("ad_dc_ntvfs",
1460 "samba.tests.emulate.traffic",
1461 extra_args=['-U"$USERNAME%$PASSWORD"'])
1462 planoldpythontestsuite("ad_dc_ntvfs",
1463 "samba.tests.emulate.traffic_packet",
1464 extra_args=['-U"$USERNAME%$PASSWORD"'])
1465 planoldpythontestsuite("ad_dc_ntvfs",
1466 "samba.tests.blackbox.traffic_replay",
1467 extra_args=['-U"$USERNAME%$PASSWORD"'])
1468 planoldpythontestsuite("ad_dc_ntvfs",
1469 "samba.tests.blackbox.traffic_learner",
1470 extra_args=['-U"$USERNAME%$PASSWORD"'])
1471 planoldpythontestsuite("ad_dc_ntvfs",
1472 "samba.tests.blackbox.traffic_summary",
1473 extra_args=['-U"$USERNAME%$PASSWORD"'])
1474 planoldpythontestsuite("none", "samba.tests.loadparm")
1475 planoldpythontestsuite("fileserver",
1476 "samba.tests.blackbox.mdsearch",
1477 extra_args=['-U"$USERNAME%$PASSWORD"'])
1478 planoldpythontestsuite("fileserver",
1479 "samba.tests.blackbox.smbcacls_basic")
1480 planoldpythontestsuite("fileserver",
1481 "samba.tests.blackbox.smbcacls_basic",
1482 "samba.tests.blackbox.smbcacls_basic(DFS)",
1483 environ={'SHARE': 'msdfs-share',
1484 'TESTDIR': 'smbcacls_sharedir_dfs'})
1485 # Run smbcacls_propagate_inhertance tests on non msdfs root share
1486 planoldpythontestsuite("fileserver",
1487 "samba.tests.blackbox.smbcacls_propagate_inhertance")
1489 # A) Run the smbcacls_propagate_inhertance tests on a msdfs root share
1490 # *without* any nested dfs links
1491 # B) Run the smbcacls_propagate_inhertance tests on a msdfs root share
1492 # *with* a nested dfs link
1494 planoldpythontestsuite("fileserver",
1495 "samba.tests.blackbox.smbcacls_dfs_propagate_inherit",
1496 "samba.tests.blackbox.smbcacls_dfs_propagate_inherit(DFS-msdfs-root)",
1497 environ={'SHARE': 'smbcacls_share'})
1499 # Want a selection of environments across the process models
1501 for env in ["ad_dc_ntvfs:local", "ad_dc:local",
1502 "fl2003dc:local", "fl2008r2dc:local",
1503 "promoted_dc:local"]:
1504 planoldpythontestsuite(env, "samba.tests.blackbox.smbcontrol")
1506 planoldpythontestsuite("none", "samba.tests.blackbox.downgradedatabase")
1508 planpythontestsuite("ad_member:local", "samba.tests.blackbox.netads_dns")
1510 plantestsuite_loadlist("samba4.ldap.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1512 plantestsuite_loadlist("samba4.ldap_modify_order.python(ad_dc_default)",
1514 [python, os.path.join(samba4srcdir,
1515 "dsdb/tests/python/"
1516 "ldap_modify_order.py"),
1517 # add "-v" here to diagnose
1519 '-U"$USERNAME%$PASSWORD"',
1520 '--workgroup=$DOMAIN',
1524 plantestsuite_loadlist("samba4.ldap_modify_order.normal_user.python(ad_dc_default)",
1526 [python, os.path.join(samba4srcdir,
1527 "dsdb/tests/python/"
1528 "ldap_modify_order.py"),
1530 # add "-v" here to diagnose
1532 '-U"$USERNAME%$PASSWORD"',
1533 '--workgroup=$DOMAIN',
1537 planoldpythontestsuite("ad_dc",
1538 "samba.tests.ldap_raw",
1539 extra_args=['-U"$USERNAME%$PASSWORD"'],
1540 environ={'TEST_ENV': 'ad_dc'})
1542 plantestsuite_loadlist("samba.tests.ldap_spn", "ad_dc",
1544 f"{srcdir()}/python/samba/tests/ldap_spn.py",
1546 '-U"$USERNAME%$PASSWORD"',
1547 '--workgroup=$DOMAIN',
1548 '$LOADLIST', '$LISTOPT'])
1550 plantestsuite_loadlist("samba.tests.ldap_upn_sam_account", "ad_dc_ntvfs",
1552 f"{srcdir()}/python/samba/tests/ldap_upn_sam_account.py",
1554 '-U"$USERNAME%$PASSWORD"',
1555 '--workgroup=$DOMAIN',
1556 '$LOADLIST', '$LISTOPT'])
1559 plantestsuite_loadlist("samba4.tokengroups.krb5.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'yes', '$LOADLIST', '$LISTOPT'])
1560 plantestsuite_loadlist("samba4.tokengroups.ntlm.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'no', '$LOADLIST', '$LISTOPT'])
1561 plantestsuite("samba4.sam.python(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1562 plantestsuite("samba4.sam.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1563 plantestsuite("samba4.asq.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "asq.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1564 plantestsuite("samba4.user_account_control.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1565 plantestsuite("samba4.priv_attrs.python(ad_dc_default)", "ad_dc_default", ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1566 plantestsuite("samba4.priv_attrs.strict.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1567 plantestsuite("samba4.unicodepwd_encrypted(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "unicodepwd_encrypted.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1569 for env in ['ad_dc_default:local', 'schema_dc:local']:
1570 planoldpythontestsuite(env, "dsdb_schema_info",
1571 extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
1572 name="samba4.schemaInfo.python(%s)" % (env),
1573 extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"'])
1575 planpythontestsuite(env, "samba.tests.dsdb_schema_attributes")
1577 plantestsuite_loadlist("samba4.urgent_replication.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "urgent_replication.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
1578 plantestsuite_loadlist("samba4.ldap.dirsync.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "dirsync.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1579 plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1580 plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules_remote.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1581 plantestsuite("samba4.ldap.index.python", "none", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/index.py")])
1582 plantestsuite_loadlist("samba4.ldap.notification.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "notification.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1583 plantestsuite_loadlist("samba4.ldap.sites.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sites.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1586 # Test with LMDB (GSSAPI/SASL bind)
1587 plantestsuite_loadlist("samba4.ldap.large_ldap.gssapi.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=yes', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1589 env = 'ad_dc_default'
1590 # Test with TDB (NTLMSSP bind)
1591 plantestsuite_loadlist("samba4.ldap.large_ldap.ntlmssp.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=no', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1594 # Test with ldaps://
1595 plantestsuite_loadlist("samba4.ldap.large_ldap.ldaps.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldaps://$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1598 # Test with straight ldap
1599 plantestsuite_loadlist("samba4.ldap.large_ldap.straight_ldap.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldap://$SERVER', '--simple-bind-dn=$USERNAME@$REALM', '--password=$PASSWORD', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1601 planoldpythontestsuite("ad_dc_default", "sort", environ={'SERVER' : '$SERVER', 'DATA_DIR' : os.path.join(samba4srcdir, 'dsdb/tests/python/testdata/')}, name="samba4.ldap.sort.python", extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1603 plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1605 plantestsuite_loadlist("samba4.ldap.subtree_rename.python(ad_dc_ntvfs)",
1606 "ad_dc_ntvfs:local",
1607 [python, os.path.join(samba4srcdir,
1608 "dsdb/tests/python/subtree_rename.py"),
1609 '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb',
1610 '-U"$USERNAME%$PASSWORD"',
1611 '--workgroup=$DOMAIN',
1615 planoldpythontestsuite(
1617 "samba.tests.ldap_referrals",
1619 'SERVER': '$SERVER',
1621 name="samba.ldap.referrals",
1622 extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1624 # These should be the first tests run against testenvs created by backup/restore
1625 for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
1626 # check that a restored DC matches the original DC (backupfromdc)
1627 plantestsuite("samba4.blackbox.ldapcmp_restore", env,
1628 ["PYTHON=%s" % python,
1629 os.path.join(bbdir, "ldapcmp_restoredc.sh"),
1630 '$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env])
1632 # we also test joining backupfromdc here, as it's a bit special in that it
1633 # doesn't have Default-First-Site-Name
1634 for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc',
1636 # basic test that we can join the testenv DC
1637 plantestsuite("samba4.blackbox.join_ldapcmp", env,
1638 ["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
1640 env = 'backupfromdc'
1641 planoldpythontestsuite("%s:local" % env, "samba_tool_drs_no_dns",
1642 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1643 name="samba4.drs.samba_tool_drs_no_dns.python(%s)" % env,
1644 environ={'DC1': '$DC_SERVER', 'DC2': '$DC_SERVER'},
1645 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1647 plantestsuite_loadlist("samba4.ldap.rodc.python(rodc)", "rodc",
1649 os.path.join(DSDB_PYTEST_DIR, "rodc.py"),
1650 '$SERVER', '-U"$USERNAME%$PASSWORD"',
1651 '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1653 plantestsuite_loadlist("samba4.ldap.rodc_rwdc.python(rodc)", "rodc:local",
1655 os.path.join(samba4srcdir,
1656 "dsdb/tests/python/rodc_rwdc.py"),
1657 '$SERVER', '$DC_SERVER', '-U"$USERNAME%$PASSWORD"',
1658 '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1660 planoldpythontestsuite("rodc:local", "replica_sync_rodc",
1661 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1662 name="samba4.drs.replica_sync_rodc.python(rodc)",
1663 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1664 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1666 planoldpythontestsuite("ad_dc_default_smb1", "password_settings",
1667 extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
1668 name="samba4.ldap.passwordsettings.python",
1669 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1671 for env in all_fl_envs + ["schema_dc"]:
1672 plantestsuite_loadlist("samba4.ldap_schema.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "ldap_schema.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1673 plantestsuite("samba4.ldap.possibleInferiors.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/samdb/ldb_modules/tests/possibleinferiors.py"), "ldap://$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN"])
1674 plantestsuite_loadlist("samba4.ldap.secdesc.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "sec_descriptor.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1675 plantestsuite_loadlist("samba4.ldap.acl.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1676 plantestsuite_loadlist("samba4.ldap.acl_modify.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl_modify.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1678 for env in all_fl_envs + ["schema_dc", "ad_dc_no_ntlm"]:
1679 if env != "fl2000dc":
1680 # This test makes excessive use of the "userPassword" attribute which
1681 # isn't available on DCs with Windows 2000 domain function level -
1682 # therefore skip it in that configuration
1683 plantestsuite_loadlist("samba4.ldap.passwords.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "passwords.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", '$LOADLIST', '$LISTOPT'])
1685 for env in ["ad_dc_slowtests"]:
1686 # This test takes a lot of time, so we run it against a minimum of
1687 # environments, please only add new ones if there's really a
1688 # difference we need to test
1689 plantestsuite_loadlist("samba4.ldap.vlv.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "vlv.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1690 plantestsuite_loadlist("samba4.ldap.confidential_attr.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "confidential_attr.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1691 plantestsuite_loadlist("samba4.ldap.password_lockout.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "password_lockout.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM", '$LOADLIST', '$LISTOPT'])
1692 planoldpythontestsuite(env, "tombstone_reanimation",
1693 name="samba4.tombstone_reanimation.python",
1694 environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME', 'TEST_PASSWORD': '$PASSWORD'},
1695 extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')]
1697 planoldpythontestsuite(env, "samba.tests.join",
1698 name="samba.tests.join.python(%s)" % env,
1699 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1701 # this is a basic sanity-check of Kerberos/NTLM user login
1702 for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc", "ad_dc_no_ntlm"]:
1703 plantestsuite_loadlist("samba4.ldap.login_basics.python(%s)" % env, env,
1704 [python, os.path.join(DSDB_PYTEST_DIR, "login_basics.py"),
1705 "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM",
1706 '$LOADLIST', '$LISTOPT'])
1708 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.upgradeprovisionneeddc")
1709 planpythontestsuite("ad_dc:local", "samba.tests.posixacl")
1710 planpythontestsuite("ad_dc_no_nss:local", "samba.tests.posixacl")
1711 plantestsuite_loadlist("samba4.deletetest.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "deletetest.py"),
1712 '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1713 plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
1714 plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision'])
1715 plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision'])
1716 plantestsuite("samba4.blackbox.provision_fileperms", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/provision_fileperms.sh"), '$PREFIX/provision'])
1717 plantestsuite("samba4.blackbox.supported_features", "none",
1718 ["PYTHON=%s" % python,
1719 os.path.join(samba4srcdir,
1720 "setup/tests/blackbox_supported_features.sh"),
1721 '$PREFIX/provision'])
1722 plantestsuite("samba4.blackbox.start_backup", "none",
1723 ["PYTHON=%s" % python,
1724 os.path.join(samba4srcdir,
1725 "setup/tests/blackbox_start_backup.sh"),
1726 '$PREFIX/provision'])
1727 plantestsuite("samba4.blackbox.upgradeprovision.current", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_upgradeprovision.sh"), '$PREFIX/provision'])
1728 plantestsuite("samba4.blackbox.setpassword.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_setpassword.sh"), '$PREFIX/provision'])
1729 plantestsuite("samba4.blackbox.newuser.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_newuser.sh"), '$PREFIX/provision'])
1730 plantestsuite("samba4.blackbox.group.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_group.sh"), '$PREFIX/provision'])
1731 plantestsuite("samba4.blackbox.spn.py(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_spn.sh"), '$PREFIX/ad_dc_ntvfs'])
1732 plantestsuite_loadlist("samba4.ldap.bind(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(srcdir(), "auth/credentials/tests/bind.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '$LOADLIST', '$LISTOPT'])
1734 # This makes sure we test the rid allocation code
1735 t = "rpc.samr.large-dc"
1736 plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname=("samba4.%s.one" % t))
1737 plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s.two" % t)
1739 # RPC smoke-tests for testenvs of interest (RODC, etc)
1740 for env in ['rodc', 'offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
1741 plansmbtorture4testsuite('rpc.echo', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
1742 plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
1743 plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", r'-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
1744 plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied")
1745 plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', binpath('smbclient')])
1747 planpythontestsuite("rodc:local", "samba.tests.samba_tool.rodc")
1749 plantestsuite("samba.blackbox.rpcclient_samlogon", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
1750 "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
1752 plantestsuite("samba.blackbox.rpcclient_samlogon_testallowed", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
1753 r"testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
1755 plantestsuite("samba.blackbox.rpcclient_samlogon_testdenied", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
1756 "testdenied", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
1759 # Test renaming the DC
1760 plantestsuite("samba4.blackbox.renamedc.sh", "none", ["PYTHON=%s" % python, os.path.join(bbdir, "renamedc.sh"), '$PREFIX/provision'])
1763 # Note that $DC_SERVER is the PDC (e.g. ad_dc_ntvfs) and $SERVER is
1764 # the 2nd DC (e.g. vampire_dc).
1767 planoldpythontestsuite(env, "ridalloc_exop",
1768 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1769 name="samba4.drs.ridalloc_exop.python(%s)" % env,
1770 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1771 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1773 # This test can pollute the environment a little by creating and
1774 # deleting DCs which can get into the replication state for a while.
1776 # The setting of DC1 to $DC_SERVER means that it will join towards and
1777 # operate on schema_dc. This matters most when running
1778 # test_samba_tool_replicate_local as this sets up a full temp DC and
1779 # does new replication to it, which can show up in the replication
1782 # That is why this test is run on the isolated environment and not on
1783 # those connected with ad_dc (vampiredc/promoteddc)
1785 # The chgdcpass enviroment is likewise isolated and emulates Samba 4.5
1786 # with regard to GET_ANC
1788 env = 'schema_pair_dc'
1789 planoldpythontestsuite("%s:local" % env, "samba_tool_drs",
1790 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1791 name="samba4.drs.samba_tool_drs.python(%s)" % env,
1792 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1793 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1794 for env in ['chgdcpass', 'schema_pair_dc']:
1795 planoldpythontestsuite("%s:local" % env, "samba_tool_drs_critical",
1796 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1797 name="samba4.drs.samba_tool_drs_critical.python(%s)" % env,
1798 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1799 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1801 env = "schema_pair_dc"
1802 planoldpythontestsuite(env, "getnc_schema",
1803 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1804 name="samba4.drs.getnc_schema.python(%s)" % env,
1805 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER',
1806 "PLEASE_BREAK_MY_WINDOWS": "1"},
1807 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1809 # This test can be sensitive to the DC joins and replications done in
1810 # "samba_tool_drs" so it is run against schema_pair_dc/schema_dc
1811 # not the set of environments connected with ad_dc.
1813 # This will show the replication state of ad_dc
1814 env = "schema_pair_dc"
1815 planoldpythontestsuite("%s:local" % env, "samba_tool_drs_showrepl",
1816 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1817 name="samba4.drs.samba_tool_drs_showrepl.python(%s)" % env,
1818 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1819 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1821 for env in ['vampire_dc', 'promoted_dc']:
1822 planoldpythontestsuite("%s:local" % env, "replica_sync",
1823 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1824 name="samba4.drs.replica_sync.python(%s)" % env,
1825 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1826 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1827 planoldpythontestsuite(env, "delete_object",
1828 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1829 name="samba4.drs.delete_object.python(%s)" % env,
1830 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1831 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1832 planoldpythontestsuite(env, "fsmo",
1833 name="samba4.drs.fsmo.python(%s)" % env,
1834 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1835 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1836 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1837 planoldpythontestsuite(env, "repl_secdesc",
1838 name="samba4.drs.repl_secdesc.python(%s)" % env,
1839 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1840 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1841 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1842 planoldpythontestsuite(env, "repl_move",
1843 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1844 name="samba4.drs.repl_move.python(%s)" % env,
1845 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1846 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1847 planoldpythontestsuite(env, "getnc_unpriv",
1848 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1849 name="samba4.drs.getnc_unpriv.python(%s)" % env,
1850 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1851 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1852 planoldpythontestsuite(env, "linked_attributes_drs",
1853 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1854 name="samba4.drs.linked_attributes_drs.python(%s)" % env,
1855 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1856 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1857 planoldpythontestsuite(env, "link_conflicts",
1858 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1859 name="samba4.drs.link_conflicts.python(%s)" % env,
1860 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1861 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1863 # Environment chgdcpass has the Samba 4.5 GET_ANC behaviour, which we
1864 # set a knownfail to expect
1865 for env in ['vampire_dc', 'promoted_dc', 'chgdcpass']:
1866 planoldpythontestsuite(env, "getnc_exop",
1867 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1868 name="samba4.drs.getnc_exop.python(%s)" % env,
1869 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1870 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1872 for env in ['vampire_dc', 'promoted_dc', 'vampire_2000_dc']:
1873 planoldpythontestsuite(env, "repl_schema",
1874 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1875 name="samba4.drs.repl_schema.python(%s)" % env,
1876 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1877 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1879 # A side-effect of the getncchanges tests is that they will create hundreds of
1880 # tombstone objects, so run them last to avoid interferring with (and slowing
1881 # down) the other DRS tests
1882 for env in ['vampire_dc', 'promoted_dc']:
1883 planoldpythontestsuite(env, "getncchanges",
1884 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1885 name="samba4.drs.getncchanges.python(%s)" % env,
1886 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1887 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1889 for env in ['ad_dc_ntvfs']:
1890 planoldpythontestsuite(env, "repl_rodc",
1891 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1892 name="samba4.drs.repl_rodc.python(%s)" % env,
1893 environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
1894 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1895 planoldpythontestsuite(env, "cracknames",
1896 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1897 name="samba4.drs.cracknames.python(%s)" % env,
1898 environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
1899 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1901 planoldpythontestsuite("chgdcpass:local", "samba.tests.blackbox.samba_dnsupdate",
1902 environ={'DNS_SERVER_IP': '$SERVER_IP'})
1904 for env in ["s4member", "rodc", "promoted_dc", "ad_dc", "ad_member"]:
1905 plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env])
1907 # Offline logon (ad_member)
1908 plantestsuite("samba.blackbox.offline_logon",
1909 "ad_member_offlogon",
1910 [os.path.join(bbdir, "test_offline_logon.sh"),
1912 'alice', 'Secret007',
1914 'jane', 'Secret007',
1915 'joe', 'Secret007'])
1921 # This test is for users cached at the RODC
1922 plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD',
1923 '--workgroup=$DOMAIN', '--realm=$REALM',
1924 '--option=torture:krb5-upn=testdenied_upn@$REALM.upn',
1925 '--option=torture:expect_rodc=true'],
1926 "samba4.krb5.kdc with account DENIED permission to replicate to an RODC")
1927 plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", r'-Utestallowed\ account%$PASSWORD',
1928 '--workgroup=$DOMAIN', '--realm=$REALM',
1929 '--option=torture:expect_machine_account=true',
1930 r'--option=torture:krb5-upn=testallowed\ upn@$REALM',
1931 '--option=torture:krb5-hostname=testallowed',
1932 '--option=torture:expect_rodc=true',
1933 '--option=torture:expect_cached_at_rodc=true'],
1934 "samba4.krb5.kdc with account ALLOWED permission to replicate to an RODC")
1936 # This ensures we have correct behaviour on a server that is not not the PDC emulator
1938 plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'],
1939 "samba4.krb5.kdc with specified account")
1940 plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestupnspn%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM',
1941 '--option=torture:expect_machine_account=true',
1942 '--option=torture:krb5-upn=http/testupnspn.$DNSNAME@$REALM',
1943 '--option=torture:krb5-hostname=testupnspn.$DNSNAME',
1944 '--option=torture:krb5-service=http'],
1945 "samba4.krb5.kdc with account having identical UPN and SPN")
1946 for env in ["fl2008r2dc", "fl2003dc"]:
1947 fast_support = have_fast_support
1948 if env in ["fl2003dc"]:
1950 planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests",
1953 'FAST_SUPPORT': fast_support,
1956 planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
1957 environ=krb5_environ)
1959 for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
1961 # The machine account is cached at the RODC, as it is the local account
1962 extra_options = ['--option=torture:expect_rodc=true', '--option=torture:expect_cached_at_rodc=true']
1966 plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-P',
1967 '--workgroup=$DOMAIN', '--realm=$REALM',
1968 '--option=torture:krb5-hostname=$SERVER',
1969 '--option=torture:run_removedollar_test=true',
1970 '--option=torture:expect_machine_account=true'] + extra_options,
1971 "samba4.krb5.kdc with machine account")
1973 planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests",
1974 environ=krb5_environ)
1975 for env, fast_support in [("ad_dc", True),
1976 ("fl2003dc", False)]:
1977 planpythontestsuite(env, "samba.tests.krb5.compatability_tests",
1980 'FAST_SUPPORT': int(have_fast_support and fast_support),
1982 planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
1983 environ=krb5_environ)
1984 planpythontestsuite(
1986 "samba.tests.krb5.kdc_tgs_tests",
1987 environ=krb5_environ)
1988 planpythontestsuite(
1990 "samba.tests.krb5.fast_tests",
1991 environ=krb5_environ)
1992 planpythontestsuite(
1994 "samba.tests.krb5.ms_kile_client_principal_lookup_tests",
1995 environ=krb5_environ)
1996 planpythontestsuite(
1998 "samba.tests.krb5.spn_tests",
1999 environ=krb5_environ)
2000 planpythontestsuite(
2002 "samba.tests.krb5.alias_tests",
2003 environ=krb5_environ)
2004 planoldpythontestsuite(
2006 'samba.tests.krb5.pac_align_tests',
2007 environ=krb5_environ)
2008 planoldpythontestsuite(
2010 'samba.tests.krb5.protected_users_tests',
2011 environ=krb5_environ)
2012 for env, nt_hash in [("ad_dc:local", True),
2013 ("ad_dc_no_ntlm:local", False)]:
2014 planoldpythontestsuite(
2016 'samba.tests.krb5.nt_hash_tests',
2019 'EXPECT_NT_HASH': int(nt_hash),
2021 planoldpythontestsuite(
2023 'samba.tests.krb5.kpasswd_tests',
2024 environ=krb5_environ)
2025 planoldpythontestsuite(
2027 'samba.tests.krb5.claims_tests',
2028 environ=krb5_environ)
2029 planoldpythontestsuite(
2031 'samba.tests.krb5.device_tests',
2032 environ=krb5_environ)
2033 planoldpythontestsuite(
2035 'samba.tests.krb5.lockout_tests',
2036 environ=krb5_environ)
2037 planoldpythontestsuite(
2039 'samba.tests.krb5.group_tests',
2040 environ=krb5_environ)
2041 for env, forced_rc4 in [('ad_dc', False),
2042 ('promoted_dc', True)]:
2043 planoldpythontestsuite(
2045 'samba.tests.krb5.etype_tests',
2048 'DC_SERVER': '$SERVER',
2049 'DC_SERVER_IP': '$SERVER_IP',
2050 'DC_SERVER_IPV6': '$SERVER_IPV6',
2051 'FORCED_RC4': int(forced_rc4),
2057 planoldpythontestsuite(env, "samba.tests.kcc",
2058 name="samba.tests.kcc",
2059 environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME',
2060 'TEST_PASSWORD': '$PASSWORD',
2063 extra_path=[os.path.join(srcdir(), "samba/python"), ])
2064 planpythontestsuite(env, "samba.tests.samba_tool.visualize_drs")
2066 planpythontestsuite("ad_dc_default:local", "samba.tests.kcc.kcc_utils")
2068 for env in ["simpleserver", "fileserver", "nt4_dc", "ad_dc",
2069 "ad_member", "offlinebackupdc", "restoredc", "renamedc", "labdc", 'schema_pair_dc']:
2070 planoldpythontestsuite(env, "netlogonsvc",
2071 extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
2072 name="samba.tests.netlogonsvc.python(%s)" % env)
2074 for env in ["ktest", "ad_member", "ad_dc_no_ntlm"]:
2075 planoldpythontestsuite(env, "ntlmdisabled",
2076 extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
2077 name="samba.tests.ntlmdisabled.python(%s)" % env)
2079 # Demote the vampire DC, it must be the last test each DC, before the dbcheck
2080 for env in ['vampire_dc', 'promoted_dc', 'rodc']:
2081 planoldpythontestsuite(env, "samba.tests.samba_tool.demote",
2082 name="samba.tests.samba_tool.demote",
2084 'CONFIGFILE': '$PREFIX/%s/etc/smb.conf' % env
2086 extra_args=['-U"$USERNAME%$PASSWORD"'],
2087 extra_path=[os.path.join(srcdir(), "samba/python")]
2089 # TODO: Verifying the databases really should be a part of the
2090 # environment teardown.
2091 # check the databases are all OK. PLEASE LEAVE THIS AS THE LAST TEST
2092 for env in ["ad_dc", "fl2000dc", "fl2003dc", "fl2008r2dc",
2093 'vampire_dc', 'promoted_dc', 'backupfromdc', 'restoredc',
2094 'renamedc', 'offlinebackupdc', 'labdc']:
2095 plantestsuite("samba4.blackbox.dbcheck(%s)" % env, env + ":local", ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck.sh"), '$PREFIX/provision', configuration])
2098 # Tests to verify bug 13653 https://bugzilla.samba.org/show_bug.cgi?id=13653
2099 # ad_dc has an lmdb backend, ad_dc_ntvfs has a tdb backend.
2101 planoldpythontestsuite("ad_dc_ntvfs:local",
2102 "samba.tests.blackbox.bug13653",
2103 extra_args=['-U"$USERNAME%$PASSWORD"'],
2104 environ={'TEST_ENV': 'ad_dc_ntvfs'})
2105 planoldpythontestsuite("ad_dc:local",
2106 "samba.tests.blackbox.bug13653",
2107 extra_args=['-U"$USERNAME%$PASSWORD"'],
2108 environ={'TEST_ENV': 'ad_dc'})
2109 # cmocka tests not requiring a specific environment
2111 plantestsuite("samba4.dsdb.samdb.ldb_modules.unique_object_sids", "none",
2112 [os.path.join(bindir(), "test_unique_object_sids")])
2113 plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.tdb", "none",
2114 [os.path.join(bindir(), "test_encrypted_secrets_tdb")])
2115 plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb", "none",
2116 [os.path.join(bindir(), "test_encrypted_secrets_mdb")])
2117 plantestsuite("lib.audit_logging.audit_logging", "none",
2118 [os.path.join(bindir(), "audit_logging_test")])
2119 plantestsuite("lib.audit_logging.audit_logging.errors", "none",
2120 [os.path.join(bindir(), "audit_logging_error_test")])
2121 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_util", "none",
2122 [os.path.join(bindir(), "test_audit_util")])
2123 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log", "none",
2124 [os.path.join(bindir(), "test_audit_log")])
2125 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log.errors", "none",
2126 [os.path.join(bindir(), "test_audit_log_errors")])
2127 plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit", "none",
2128 [os.path.join(bindir(), "test_group_audit")])
2129 plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit.errors", "none",
2130 [os.path.join(bindir(), "test_group_audit_errors")])
2131 plantestsuite("samba4.dcerpc.dnsserver.dnsutils", "none",
2132 [os.path.join(bindir(), "test_rpc_dns_server_dnsutils")])
2133 plantestsuite("libcli.drsuapi.repl_decrypt", "none",
2134 [os.path.join(bindir(), "test_repl_decrypt")])
2135 plantestsuite("librpc.ndr.ndr_string", "none",
2136 [os.path.join(bindir(), "test_ndr_string")])
2137 plantestsuite("librpc.ndr.ndr", "none",
2138 [os.path.join(bindir(), "test_ndr")])
2139 plantestsuite("librpc.ndr.ndr_macros", "none",
2140 [os.path.join(bindir(), "test_ndr_macros")])
2141 plantestsuite("librpc.ndr.ndr_dns_nbt", "none",
2142 [os.path.join(bindir(), "test_ndr_dns_nbt")])
2143 plantestsuite("libcli.ldap.ldap_message", "none",
2144 [os.path.join(bindir(), "test_ldap_message")])
2146 # process restart and limit tests, these break the environment so need to run
2147 # in their own specific environment
2148 planoldpythontestsuite("preforkrestartdc:local",
2149 "samba.tests.prefork_restart",
2151 os.path.join(srcdir(), 'python/samba/tests')],
2152 extra_args=['-U"$USERNAME%$PASSWORD"'],
2153 name="samba.tests.prefork_restart")
2154 planoldpythontestsuite("preforkrestartdc:local",
2155 "samba.tests.blackbox.smbcontrol_process",
2157 os.path.join(srcdir(), 'python/samba/tests')],
2158 extra_args=['-U"$USERNAME%$PASSWORD"'],
2159 name="samba.tests.blackbox.smbcontrol_process")
2160 planoldpythontestsuite("proclimitdc",
2161 "samba.tests.process_limits",
2163 os.path.join(srcdir(), 'python/samba/tests')],
2164 extra_args=['-U"$USERNAME%$PASSWORD"'],
2165 name="samba.tests.process_limits")
2167 planoldpythontestsuite("none", "samba.tests.usage")
2168 planpythontestsuite("fileserver", "samba.tests.dcerpc.mdssvc")
2169 planoldpythontestsuite("none", "samba.tests.compression")