'--use-kerberos=required --option=clientldapsaslwrapping=plain',
'--use-kerberos=required --client-protection=sign',
'--use-kerberos=required --client-protection=encrypt',
+ '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=yes"',
+ '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=no"',
+ '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
'--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
'--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
'--use-kerberos=disabled --client-protection=sign',
'--use-kerberos=disabled --client-protection=encrypt',
+ '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=yes"',
+ '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=no"',
+ '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
]
for auth_option in auth_options:
options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
- options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
- plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
- env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+
+ auth_options = [
+ '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=yes"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=no"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=no"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=yes"',
+ '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=yes"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=no"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=no"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=yes"',
+ '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
+ ]
+ for auth_option in auth_options:
+ options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check" ' + auth_option
+ plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
+ env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+ options += ' --option="clientldapsaslwrapping=starttls"'
+ plantestsuite("samba4.ldb.simple.ldap starttls with SASL-BIND %s(%s)" % (options, env),
+ env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
+
envraw = "fl2008r2dc"
env = "%s:local" % envraw
for t in smbtorture4_testsuites("dsdb."):
plansmbtorture4testsuite(t, "ad_dc:local", "localhost")
-ldbdir = os.path.join(srcdir(), "lib/ldb")
-# Don't run LDB tests when using system ldb, as we won't have ldbtest installed
-if os.path.exists(os.path.join(samba4bindir, "ldbtest")):
- plantestsuite("ldb.base", "none", "%s/tests/test-tdb-subunit.sh %s" % (ldbdir, samba4bindir))
-else:
- skiptestsuite("ldb.base", "Using system LDB, ldbtest not available")
-
plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)",
"ad_dc_ntvfs:local",
[python, os.path.join(DSDB_PYTEST_DIR, "attr_from_server.py"),
for t in smbtorture4_testsuites("dns_internal."):
plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever')
+# These tests want to run on a barely changed fresh provision, before
+# too much happens to this environment, it is read only and local
+# (direct to the DB) so we use proclimitdc as it is otherwise empty
+# bar a test for process limits.
+planpythontestsuite("proclimitdc:local", "samba.tests.dsdb_quiet_provision_tests")
+
+# We want this local test to run in an environment where not much is happening that could use root keys
+planpythontestsuite("chgdcpass:local", "samba.tests.dsdb_quiet_env_tests")
+
# Local tests
for t in smbtorture4_testsuites("dlz_bind9."):
# The dlz_bind9 tests needs to look at the DNS database
planpythontestsuite("ad_dc_default", "samba.tests.blackbox.claims")
+planpythontestsuite("ad_dc_default", "samba.tests.blackbox.gmsa")
+
if have_heimdal_support:
plantestsuite("samba4.blackbox.kpasswd",
"ad_dc:local",
if have_gnutls_fips_mode_support:
planoldpythontestsuite("ad_dc",
- "samba.tests.dcerpc.createtrustrelax",
+ "samba.tests.dcerpc.lsa_utils",
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
planoldpythontestsuite("ad_dc_fips",
- "samba.tests.dcerpc.createtrustrelax",
+ "samba.tests.dcerpc.lsa_utils",
environ={'GNUTLS_FORCE_FIPS_MODE': '1',
'OPENSSL_FORCE_FIPS_MODE': '1'})
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_claim")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_policy")
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_silo")
+
+# This test needs to be run in an environment well apart from most
+# other tests as it deletes root keys and we don't want this to happen
+# where a gMSA account might be live.
+planpythontestsuite("chgdcpass", "samba.tests.samba_tool.domain_kds_root_key")
+
planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_models")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.service_account")
planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema")
planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl")
planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check")
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc",
"samba.tests.segfault",
- extra_args=['-U"$USERNAME%$PASSWORD"'])
+ extra_args=['-U"$USERNAME%$PASSWORD"'],
+ environ={"TALLOC_FREE_FILL": "0xab"})
# Need to test the password hashing in multiple environments to ensure that
# all the possible options are covered
#
'ad_dc',
'samba.tests.krb5.conditional_ace_tests',
environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc',
+ 'samba.tests.krb5.gkdi_tests',
+ environ=krb5_environ)
+planoldpythontestsuite(
+ 'ad_dc:local',
+ 'samba.tests.krb5.gmsa_tests',
+ environ=krb5_environ)
for env in [
'vampire_dc',
planpythontestsuite("fileserver", "samba.tests.dcerpc.mdssvc")
planoldpythontestsuite("none", "samba.tests.compression")
planpythontestsuite("none", "samba.tests.security_descriptors")
+
+if have_cluster_support:
+ cluster_environ = {
+ "SERVER_HOSTNAME": "$NETBIOSNAME",
+ "INTERFACE_GROUP_NAME": "$NETBIOSNAME",
+ "CLUSTER_SHARE": "registry_share",
+ "USERNAME": "$DC_USERNAME",
+ "PASSWORD": "$DC_PASSWORD",
+ }
+ planpythontestsuite("clusteredmember:local",
+ "samba.tests.blackbox.rpcd_witness_samba_only",
+ environ=cluster_environ)