s4:selftest: also test samba4.ldb.simple.ldap with starttls and SASL-BIND
[samba.git] / source4 / selftest / tests.py
index e89a53d6e97e2be9e664a1c40fc0dfd9ecfe9656..556fd9bd490cd7ba2bfc2006bb85090037ef51c7 100755 (executable)
@@ -28,7 +28,7 @@ from selftesthelpers import planpythontestsuite, planperltestsuite
 from selftesthelpers import plantestsuite_loadlist
 from selftesthelpers import skiptestsuite, source4dir, valgrindify
 from selftesthelpers import smbtorture4_options, smbtorture4_testsuites
-from selftesthelpers import smbtorture4, ntlm_auth3, samba3srcdir
+from selftesthelpers import smbtorture4, samba3srcdir
 
 
 print("OPTIONS %s" % " ".join(smbtorture4_options), file=sys.stderr)
@@ -48,6 +48,27 @@ def plansmbtorture4testsuite(name, env, options, modname=None, environ=None):
 
 samba4srcdir = source4dir()
 DSDB_PYTEST_DIR = os.path.join(samba4srcdir, "dsdb/tests/python/")
+subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
+
+
+def planoldpythontestsuite(env, module, name=None, extra_path=None, environ=None, extra_args=None):
+    if extra_path is None:
+        extra_path = []
+    if environ is None:
+        environ = {}
+    if extra_args is None:
+        extra_args = []
+    environ = dict(environ)
+    py_path = list(extra_path)
+    if py_path:
+        environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
+    args = ["%s=%s" % item for item in environ.items()]
+    args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
+    args += extra_args
+    if name is None:
+        name = module
+    plantestsuite_loadlist(name, env, args)
+
 
 samba4bindir = bindir()
 validate = os.getenv("VALIDATE", "")
@@ -93,6 +114,7 @@ finally:
 
 have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
 have_gnutls_fips_mode_support = ("HAVE_GNUTLS_FIPS_MODE_SUPPORTED" in config_hash)
+have_cluster_support = "CLUSTER_SUPPORT" in config_hash
 
 for options in ['-U"$USERNAME%$PASSWORD"']:
     plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
@@ -141,19 +163,52 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
         '--use-kerberos=required --option=clientldapsaslwrapping=plain',
         '--use-kerberos=required --client-protection=sign',
         '--use-kerberos=required --client-protection=encrypt',
+        '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=yes"',
+        '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=no"',
+        '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+        '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
         '--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
         '--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
         '--use-kerberos=disabled --client-protection=sign',
         '--use-kerberos=disabled --client-protection=encrypt',
+        '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=yes"',
+        '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=no"',
+        '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+        '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
     ]
 
     for auth_option in auth_options:
         options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
         plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
-    options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
-    plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
-                  env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+
+    auth_options = [
+        '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=yes"',
+        '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=no"',
+        '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+        '--use-kerberos=required --option="ldap_testing:channel_bound=no"  --option="ldap_testing:tls_channel_bindings=no"',
+        '--use-kerberos=required --option="ldap_testing:channel_bound=no"  --option="ldap_testing:tls_channel_bindings=yes"',
+        '--use-kerberos=required --option="ldap_testing:channel_bound=no"  --option="ldap_testing:forced_channel_binding=wRoNg"',
+        '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=yes"',
+        '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=no"',
+        '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
+        '--use-kerberos=disabled --option="ldap_testing:channel_bound=no"  --option="ldap_testing:tls_channel_bindings=no"',
+        '--use-kerberos=disabled --option="ldap_testing:channel_bound=no"  --option="ldap_testing:tls_channel_bindings=yes"',
+        '--use-kerberos=disabled --option="ldap_testing:channel_bound=no"  --option="ldap_testing:forced_channel_binding=wRoNg"',
+    ]
+    for auth_option in auth_options:
+        options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check" ' + auth_option
+        plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
+                      env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+        options += ' --option="clientldapsaslwrapping=starttls"'
+        plantestsuite("samba4.ldb.simple.ldap starttls with SASL-BIND %s(%s)" % (options, env),
+                      env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
+
+
+envraw = "fl2008r2dc"
+env = "%s:local" % envraw
+plantestsuite("samba4.ldap_tls_reload(%s)" % (env), env,
+              "%s/test_ldap_tls_reload.sh $PREFIX_ABS $PREFIX_ABS/%s/private/tls $SERVER.$REALM" % (bbdir, envraw))
 
 for options in ['-U"$USERNAME%$PASSWORD"']:
     plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
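Review bot: The new `forced_channel_binding=wRoNg` and `channel_bound=no` entries in both `auth_options` lists go through the same `test_ldb_simple.sh` invocation as the positive cases, so nothing in this file says whether a mismatching or absent channel binding is expected to be rejected or tolerated. A comment above each list would make that reviewable, for example `# forced_channel_binding=wRoNg sends a deliberately mismatching binding; the bind is expected to <succeed|fail> in these envs`, filled in from wherever the expectation is actually recorded (not visible here). Every ldaps and starttls variant also carries `tlsverifypeer=no_check`, so none of these runs combines channel binding with certificate validation. If that is deliberate for the selftest environment, a one-line comment next to the `options = ...` assignment should say so.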
@@ -175,13 +230,6 @@ for t in smbtorture4_testsuites("ldap."):
 for t in smbtorture4_testsuites("dsdb."):
     plansmbtorture4testsuite(t, "ad_dc:local", "localhost")
 
-ldbdir = os.path.join(srcdir(), "lib/ldb")
-# Don't run LDB tests when using system ldb, as we won't have ldbtest installed
-if os.path.exists(os.path.join(samba4bindir, "ldbtest")):
-    plantestsuite("ldb.base", "none", "%s/tests/test-tdb-subunit.sh %s" % (ldbdir, samba4bindir))
-else:
-    skiptestsuite("ldb.base", "Using system LDB, ldbtest not available")
-
 plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)",
                        "ad_dc_ntvfs:local",
                        [python, os.path.join(DSDB_PYTEST_DIR, "attr_from_server.py"),
@@ -527,9 +575,27 @@ plantestsuite_loadlist("samba.tests.sddl",
                         "samba.tests.sddl"
                        ])
 
+plantestsuite_loadlist("samba.tests.sddl_conditional_ace",
+                       "none",
+                       [python,
+                        '-msamba.subunit.run',
+                        '$LOADLIST',
+                        "$LISTOPT"
+                        "samba.tests.sddl_conditional_ace"
+                       ])
+
 for t in smbtorture4_testsuites("dns_internal."):
     plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever')
 
+# These tests want to run on a barely changed fresh provision, before
+# too much happens to this environment, it is read only and local
+# (direct to the DB) so we use proclimitdc as it is otherwise empty
+# bar a test for process limits.
+planpythontestsuite("proclimitdc:local", "samba.tests.dsdb_quiet_provision_tests")
+
+# We want this local test to run in an environment where not much is happening that could use root keys
+planpythontestsuite("chgdcpass:local", "samba.tests.dsdb_quiet_env_tests")
+
 # Local tests
 for t in smbtorture4_testsuites("dlz_bind9."):
     # The dlz_bind9 tests needs to look at the DNS database
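Review bot: In the added `samba.tests.sddl_conditional_ace` entry there is no comma after `"$LISTOPT"`, so Python joins it with the next literal into the single argument `"$LISTOPTsamba.tests.sddl_conditional_ace"`. Whether the suite still lists and runs correctly then depends on how `plantestsuite_loadlist` substitutes `$LISTOPT`, which is not visible here. The argument list should read `"$LISTOPT",` followed by `"samba.tests.sddl_conditional_ace"` on its own line. The `samba.tests.sddl` entry just above may have the same shape, but it starts outside this hunk.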
@@ -565,116 +631,15 @@ plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdi
 
 plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
 
+plantestsuite("samba4.blackbox.test_alias_membership", "ad_member_idmap_rid:local", [os.path.join(bbdir, "test_alias_membership.sh"), '$PREFIX_ABS'])
+
 plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS'])
 
+planpythontestsuite("ad_dc_default", "samba.tests.blackbox.claims")
+
+planpythontestsuite("ad_dc_default", "samba.tests.blackbox.gmsa")
+
 if have_heimdal_support:
-    plantestsuite("samba4.blackbox.kinit",
-                  "ad_dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_heimdal.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$PREFIX',
-                      "aes256-cts-hmac-sha1-96",
-                      smbclient3,
-                      configuration
-                  ])
-    plantestsuite("samba4.blackbox.kinit",
-                  "fl2000dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_heimdal.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$PREFIX',
-                      "arcfour-hmac-md5",
-                      smbclient3,
-                      configuration
-                  ])
-    plantestsuite("samba4.blackbox.kinit",
-                  "fl2008r2dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_heimdal.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$PREFIX',
-                      "aes256-cts-hmac-sha1-96",
-                      smbclient3,
-                      configuration
-                  ])
-    plantestsuite("samba4.blackbox.kinit_trust",
-                  "fl2008r2dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$TRUST_SERVER',
-                      '$TRUST_USERNAME',
-                      '$TRUST_PASSWORD',
-                      '$TRUST_REALM',
-                      '$TRUST_DOMAIN',
-                      '$PREFIX',
-                      "forest",
-                      "aes256-cts-hmac-sha1-96"
-                  ])
-    plantestsuite("samba4.blackbox.kinit_trust",
-                  "fl2003dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$TRUST_SERVER',
-                      '$TRUST_USERNAME',
-                      '$TRUST_PASSWORD',
-                      '$TRUST_REALM',
-                      '$TRUST_DOMAIN',
-                      '$PREFIX',
-                      "external",
-                      "arcfour-hmac-md5"
-                  ])
-    plantestsuite("samba4.blackbox.kinit_trust",
-                  "fl2000dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$TRUST_SERVER',
-                      '$TRUST_USERNAME',
-                      '$TRUST_PASSWORD',
-                      '$TRUST_REALM',
-                      '$TRUST_DOMAIN',
-                      '$PREFIX',
-                      "external",
-                      "arcfour-hmac-md5"
-                  ])
-    plantestsuite("samba4.blackbox.export.keytab",
-                  "ad_dc:local",
-                  [
-                      os.path.join(bbdir, "test_export_keytab_heimdal.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$REALM',
-                      '$DOMAIN',
-                      "$PREFIX",
-                      smbclient3
-                  ])
     plantestsuite("samba4.blackbox.kpasswd",
                   "ad_dc:local",
                   [
@@ -684,7 +649,8 @@ if have_heimdal_support:
                       '$PASSWORD',
                       '$REALM',
                       '$DOMAIN',
-                      "$PREFIX"
+                      "$PREFIX",
+                      configuration
                   ])
     plantestsuite("samba4.blackbox.krb5.s4u",
                   "fl2008r2dc:local",
@@ -704,107 +670,6 @@ if have_heimdal_support:
                       configuration
                   ])
 else:
-    plantestsuite("samba4.blackbox.kinit",
-                  "ad_dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_mit.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$PREFIX',
-                      smbclient3,
-                      configuration
-                  ])
-    plantestsuite("samba4.blackbox.kinit",
-                  "fl2000dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_mit.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$PREFIX',
-                      smbclient3,
-                      configuration
-                  ])
-    plantestsuite("samba4.blackbox.kinit",
-                  "fl2008r2dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_mit.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$PREFIX',
-                      smbclient3,
-                      configuration
-                  ])
-    plantestsuite("samba4.blackbox.kinit_trust",
-                  "fl2008r2dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_trusts_mit.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$TRUST_SERVER',
-                      '$TRUST_USERNAME',
-                      '$TRUST_PASSWORD',
-                      '$TRUST_REALM',
-                      '$TRUST_DOMAIN',
-                      '$PREFIX',
-                      "forest"
-                  ])
-    plantestsuite("samba4.blackbox.kinit_trust",
-                  "fl2003dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_trusts_mit.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$TRUST_SERVER',
-                      '$TRUST_USERNAME',
-                      '$TRUST_PASSWORD',
-                      '$TRUST_REALM',
-                      '$TRUST_DOMAIN',
-                      '$PREFIX',
-                      "external"
-                  ])
-    plantestsuite("samba4.blackbox.kinit_trust",
-                  "fl2000dc:local",
-                  [
-                      os.path.join(bbdir, "test_kinit_trusts_mit.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$PASSWORD',
-                      '$REALM',
-                      '$DOMAIN',
-                      '$TRUST_SERVER',
-                      '$TRUST_USERNAME',
-                      '$TRUST_PASSWORD',
-                      '$TRUST_REALM',
-                      '$TRUST_DOMAIN',
-                      '$PREFIX',
-                      "external"
-                  ])
-    plantestsuite("samba4.blackbox.export.keytab",
-                  "ad_dc:local",
-                  [
-                      os.path.join(bbdir, "test_export_keytab_mit.sh"),
-                      '$SERVER',
-                      '$USERNAME',
-                      '$REALM',
-                      '$DOMAIN',
-                      "$PREFIX",
-                      smbclient3
-                  ])
     plantestsuite("samba4.blackbox.kpasswd",
                   "ad_dc:local",
                   [
@@ -814,9 +679,119 @@ else:
                       '$PASSWORD',
                       '$REALM',
                       '$DOMAIN',
-                      "$PREFIX"
+                      "$PREFIX",
+                      configuration
                   ])
 
+plantestsuite("samba4.blackbox.kinit_simple",
+              "ad_dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$PREFIX',
+                  smbclient3,
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.kinit_simple",
+              "fl2000dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$PREFIX',
+                  smbclient3,
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.kinit_simple",
+              "fl2008r2dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$PREFIX',
+                  smbclient3,
+                  configuration
+              ])
+
+
+plantestsuite("samba4.blackbox.kinit_trust",
+              "fl2008r2dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit_trusts.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$TRUST_SERVER',
+                  '$TRUST_USERNAME',
+                  '$TRUST_PASSWORD',
+                  '$TRUST_REALM',
+                  '$TRUST_DOMAIN',
+                  '$PREFIX',
+                  "forest",
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.kinit_trust",
+              "fl2003dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit_trusts.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$TRUST_SERVER',
+                  '$TRUST_USERNAME',
+                  '$TRUST_PASSWORD',
+                  '$TRUST_REALM',
+                  '$TRUST_DOMAIN',
+                  '$PREFIX',
+                  "external",
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.kinit_trust",
+              "fl2000dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit_trusts.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$TRUST_SERVER',
+                  '$TRUST_USERNAME',
+                  '$TRUST_PASSWORD',
+                  '$TRUST_REALM',
+                  '$TRUST_DOMAIN',
+                  '$PREFIX',
+                  "external",
+                  configuration
+              ])
+
+plantestsuite("samba4.blackbox.kinit.export.keytab",
+              "ad_dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit_export_keytab.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$REALM',
+                  '$DOMAIN',
+                  "$PREFIX",
+                  smbclient3,
+                  configuration
+              ])
+
 plantestsuite("samba4.blackbox.pkinit_simple",
               "ad_dc:local",
               [os.path.join(bbdir, "test_pkinit_simple.sh"),
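Review bot: The unified `kinit_simple` and `kinit_trust` entries pass no enctype argument, whereas the Heimdal entries removed earlier in this diff pinned `aes256-cts-hmac-sha1-96` for ad_dc and fl2008r2dc and `arcfour-hmac-md5` for fl2000dc and fl2003dc. Unless `test_kinit.sh` and `test_kinit_trusts.sh` derive the expected enctype themselves (not visible here), the check that each functional level issues tickets with the intended encryption type is lost on Heimdal builds. Either keep the argument or add a comment saying where it is now asserted. As a smaller point, the three `kinit_simple` calls differ only in the environment and could be one loop, `for env in ["ad_dc:local", "fl2000dc:local", "fl2008r2dc:local"]:`.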
@@ -881,14 +856,37 @@ plantestsuite("samba4.blackbox.trust_token", "fl2008r2dc", [os.path.join(bbdir,
 plantestsuite("samba4.blackbox.trust_token", "fl2003dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
 plantestsuite("samba4.blackbox.trust_token", "fl2000dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
 plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs'])
-plantestsuite("samba4.blackbox.password_settings(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_password_settings.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
+plantestsuite("samba4.blackbox.password_settings",
+              "ad_dc:local",
+              [
+                  os.path.join(bbdir, "test_password_settings.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  "$PREFIX",
+                  configuration
+              ])
 plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN'])
 plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
 plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4])
 plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
 plantestsuite("samba4.blackbox.masktest", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
 plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
-plantestsuite("samba4.blackbox.rfc2307_mapping(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
+plantestsuite("samba4.blackbox.rfc2307_mapping",
+              "ad_dc:local",
+              [
+                  os.path.join(samba4srcdir,
+                               "../nsswitch/tests/test_rfc2307_mapping.sh"),
+                  '$DOMAIN',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  "$SERVER",
+                  "$UID_RFC2307TEST",
+                  "$GID_RFC2307TEST",
+                  configuration
+              ])
 plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', r"CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3])
 plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
 plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
@@ -897,7 +895,7 @@ plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client",
 plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
 plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
 plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
-plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID'])
+plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID', configuration])
 
 env = "ad_member:local"
 plantestsuite("samba4.blackbox.net_ads_search_server_P.primary", env,
@@ -1085,6 +1083,11 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "chgdcpass", "rodc"]:
 
     planpythontestsuite(env + ":local", "samba.tests.ntlm_auth")
 
+plantestsuite(
+    "samba.wbinfo_u_large_ad.(ad_dc:local)",
+    "ad_dc:local",
+    [os.path.join(samba3srcdir, "script/tests/test_wbinfo_u_large_ad.sh")])
+
 for env in ["ktest"]:
     planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5")
 
@@ -1103,34 +1106,14 @@ for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local",
     else:
         skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available")
 
-subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
-
-
-def planoldpythontestsuite(env, module, name=None, extra_path=None, environ=None, extra_args=None):
-    if extra_path is None:
-        extra_path = []
-    if environ is None:
-        environ = {}
-    if extra_args is None:
-        extra_args = []
-    environ = dict(environ)
-    py_path = list(extra_path)
-    if py_path:
-        environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
-    args = ["%s=%s" % item for item in environ.items()]
-    args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
-    args += extra_args
-    if name is None:
-        name = module
-    plantestsuite_loadlist(name, env, args)
 
 if have_gnutls_fips_mode_support:
     planoldpythontestsuite("ad_dc",
-                           "samba.tests.dcerpc.createtrustrelax",
+                           "samba.tests.dcerpc.lsa_utils",
                            environ={'GNUTLS_FORCE_FIPS_MODE': '1',
                                     'OPENSSL_FORCE_FIPS_MODE': '1'})
     planoldpythontestsuite("ad_dc_fips",
-                           "samba.tests.dcerpc.createtrustrelax",
+                           "samba.tests.dcerpc.lsa_utils",
                            environ={'GNUTLS_FORCE_FIPS_MODE': '1',
                                     'OPENSSL_FORCE_FIPS_MODE': '1'})
 
@@ -1141,10 +1124,15 @@ tdb_testenv = "ad_dc_ntvfs"
 for testenv in [mdb_testenv, tdb_testenv]:
     planoldpythontestsuite(testenv, "samba.tests.complex_expressions", extra_args=['-U"$USERNAME%$PASSWORD"'])
 
-planoldpythontestsuite("ad_dc_default:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'])
+# samba.tests.gensec is only run in ad_dc to ensure it runs with and
+# MIT and Heimdal build, it can run against any environment that
+# supports FAST
+planoldpythontestsuite("ad_dc:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'])
+
 planoldpythontestsuite("none", "simple", extra_path=["%s/lib/tdb/python/tests" % srcdir()], name="tdb.python")
 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.sam")
 planpythontestsuite("ad_dc_default:local", "samba.tests.dsdb")
+planpythontestsuite("none", "samba.tests.samba_startup_fl_change")
 planpythontestsuite("none", "samba.tests.dsdb_lock")
 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.bare")
 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.lsa")
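Review bot: The new comment above the `samba.tests.gensec` line is hard to parse: "runs with and MIT and Heimdal build" presumably means "an", and two separate statements are joined by a comma. Suggested wording: `# samba.tests.gensec runs only in ad_dc so that it is exercised by both MIT and Heimdal builds;` followed by `# it could run against any environment that supports FAST.`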
@@ -1152,6 +1140,7 @@ planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.unix")
 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc")
 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.timecmd")
 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.join")
+planpythontestsuite("ad_dc_default:local", "samba.tests.ldap_whoami")
 planpythontestsuite("ad_member_s3_join", "samba.tests.samba_tool.join_member")
 planpythontestsuite("ad_dc_default",
                     "samba.tests.samba_tool.join_lmdb_size")
@@ -1167,6 +1156,9 @@ planpythontestsuite("none", "samba.tests.samba_tool.visualize")
 for env in all_fl_envs:
     planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo")
 
+# test getpassword for group managed service accounts
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_getpassword_gmsa")
+
 # test samba-tool user, group, contact and computer edit command
 for env in all_fl_envs:
     env += ":local"
@@ -1188,12 +1180,16 @@ for env in ["ad_dc_ntvfs", "ad_dc"]:
 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes")
 
 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_policy")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_silo")
 for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]:
     planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest")
 for env, nt_hash in [("ad_dc:local", True),
                      ("ad_dc_no_ntlm:local", False)]:
     planpythontestsuite(env, "samba.tests.samba_tool.user",
                         environ={"EXPECT_NT_HASH": int(nt_hash)})
+    # test get-kerberos-ticket for locally accessible and group managed service accounts
+    planpythontestsuite(env, "samba.tests.samba_tool.user_get_kerberos_ticket")
     planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_userPassword")
     planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_gpg")
 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script")
@@ -1204,7 +1200,17 @@ planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.computer")
 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.contact")
 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.forest")
 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.schema")
-planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.claim")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_claim")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_policy")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_silo")
+
+# This test needs to be run in an environment well apart from most
+# other tests as it deletes root keys and we don't want this to happen
+# where a gMSA account might be live.
+planpythontestsuite("chgdcpass", "samba.tests.samba_tool.domain_kds_root_key")
+
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_models")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.service_account")
 planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema")
 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl")
 planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check")
@@ -1241,34 +1247,43 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U
 planoldpythontestsuite("ad_dc", "samba.tests.sid_strings")
 
 # Run the import test in environments that may not have the ad-dc built
-for env in ['fileserver_smb1', 'nt4_member', 'clusteredmember', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel']:
+envs = ['fileserver_smb1', 'nt4_member', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel']
+if have_cluster_support:
+    envs.append('clusteredmember')
+for env in envs:
     planoldpythontestsuite(env, "samba.tests.imports")
 
 have_fast_support = 1
 claims_support = 1
-compound_id_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
-if ('SAMBA4_USES_HEIMDAL' in config_hash or
-    'HAVE_MIT_KRB5_1_20' in config_hash):
-    tkt_sig_support = 1
-else:
-    tkt_sig_support = 0
-
-if 'SAMBA4_USES_HEIMDAL' in config_hash:
-    full_sig_support = 1
-else:
-    full_sig_support = 0
-
-gnutls_pbkdf2_support = int('HAVE_GNUTLS_PBKDF2' in config_hash)
 
-if 'HAVE_MIT_KRB5_1_20' in config_hash:
-    kadmin_is_tgs = 1
-else:
-    kadmin_is_tgs = 0
+# MIT
+kadmin_is_tgs = int('SAMBA4_USES_HEIMDAL' not in config_hash)
 
+# Heimdal
+compound_id_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
 expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
 extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
 check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash)
 check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash)
+expect_nt_status = int('SAMBA4_USES_HEIMDAL' in config_hash)
+as_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
+tgs_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
+
+ca_dir = os.path.join('selftest', 'manage-ca', 'CA-samba.example.com')
+
+# This certificate is currently used just to get the name of the certificate
+# issuer.
+ca_cert_path = os.path.join(ca_dir,
+                            'DCs',
+                            'addc.addom.samba.example.com',
+                            'DC-addc.addom.samba.example.com-cert.pem')
+
+# The private key is used to issue new certificates.
+ca_private_key_path = os.path.join(ca_dir,
+                                   'Private',
+                                   'CA-samba.example.com-private-key.pem')
+ca_pass = '1234'
+
 krb5_environ = {
     'SERVICE_USERNAME': '$SERVER',
     'ADMIN_USERNAME': '$DC_USERNAME',
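Review bot: `ca_pass = '1234'` is a literal passphrase for the key at `ca_private_key_path`, and nothing next to it says that this is the selftest-only CA. The following `krb5_environ` hunk exports it as `CA_PASS`, and `planoldpythontestsuite` formats every environ item into a `KEY=VALUE` word of the planned command, so the value presumably also shows up in test listings and logs. That is acceptable only for a throwaway CA, so I would state it at the assignment: `# Passphrase of the selftest-only CA under selftest/manage-ca; never reuse this CA or passphrase outside the test suite.` `ca_dir` is also built relative to the current directory, unlike the neighbouring paths that start from `samba4srcdir`, so anchoring it to the source root would make it independent of where selftest is started. The `krb5_environ` dict opened at the end of this hunk continues outside it.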
@@ -1279,14 +1294,17 @@ krb5_environ = {
     'FAST_SUPPORT': have_fast_support,
     'CLAIMS_SUPPORT': claims_support,
     'COMPOUND_ID_SUPPORT': compound_id_support,
-    'TKT_SIG_SUPPORT': tkt_sig_support,
-    'FULL_SIG_SUPPORT': full_sig_support,
-    'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support,
     'EXPECT_PAC': expect_pac,
     'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
     'CHECK_CNAME': check_cname,
     'CHECK_PADATA': check_padata,
     'KADMIN_IS_TGS': kadmin_is_tgs,
+    'EXPECT_NT_STATUS': expect_nt_status,
+    'AS_REQ_LOGGING_SUPPORT': as_req_logging_support,
+    'TGS_REQ_LOGGING_SUPPORT': tgs_req_logging_support,
+    'CA_CERT': ca_cert_path,
+    'CA_PRIVATE_KEY': ca_private_key_path,
+    'CA_PASS': ca_pass,
 }
 planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
 planoldpythontestsuite("none", "samba.tests.krb5.claims_in_pac")
@@ -1357,11 +1375,9 @@ if have_heimdal_support:
                            environ={'CLIENT_IP': '10.53.57.11',
                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
     planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change",
-                           extra_args=['-U"$USERNAME%$PASSWORD"'],
-                           environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
     planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change",
-                           extra_args=['-U"$USERNAME%$PASSWORD"'],
-                           environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
 
     # these tests use a NCA local RPC connection, so always run on the
     # :local testenv, and so don't need to fake a client connection
@@ -1378,14 +1394,13 @@ if have_heimdal_support:
                            "samba.tests.auth_log_winbind",
                            extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"'])
     planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change",
-                           extra_args=['-U"$USERNAME%$PASSWORD"'],
-                           environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
     planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb",
                            extra_args=['-U"$USERNAME%$PASSWORD"'])
     planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
                            extra_args=['-U"$USERNAME%$PASSWORD"'])
 
-planoldpythontestsuite("fl2008r2dc:local",
+planoldpythontestsuite("fl2008r2dc",
                        "samba.tests.getdcname",
                        extra_args=['-U"$USERNAME%$PASSWORD"'])
 
@@ -1400,7 +1415,8 @@ planoldpythontestsuite("ad_dc",
                        extra_args=['-U"$USERNAME%$PASSWORD"'])
 planoldpythontestsuite("ad_dc",
                        "samba.tests.segfault",
-                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+                       extra_args=['-U"$USERNAME%$PASSWORD"'],
+                       environ={"TALLOC_FREE_FILL": "0xab"})
 # Need to test the password hashing in multiple environments to ensure that
 # all the possible options are covered
 #
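Review bot: The new `environ={"TALLOC_FREE_FILL": "0xab"}` on the `samba.tests.segfault` plan carries no comment explaining why this one suite needs it. talloc reads that variable to overwrite freed memory with the given byte, so presumably the intent is that stale pointers in these tests fail deterministically instead of depending on leftover heap contents. I would add `# Fill freed talloc memory with 0xab so use-after-free is caught reliably` above the call.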
@@ -1483,6 +1499,14 @@ planoldpythontestsuite("fileserver",
 # Run smbcacls_propagate_inhertance tests on non msdfs root share
 planoldpythontestsuite("fileserver",
                        "samba.tests.blackbox.smbcacls_propagate_inhertance")
+planoldpythontestsuite("fileserver",
+                       "samba.tests.blackbox.smbcacls_save_restore")
+planoldpythontestsuite("ad_member",
+                       "samba.tests.blackbox.smbcacls_save_restore",
+                       environ={'USER': '$DC_USERNAME',
+                                'PASSWORD' : '$DC_PASSWORD'}
+                       )
+
 #
 # A) Run the smbcacls_propagate_inhertance tests on a msdfs root share
 #    *without* any nested dfs links
@@ -1598,7 +1622,7 @@ plantestsuite_loadlist("samba4.ldap.large_ldap.straight_ldap.python(%s)" % env,
 
 planoldpythontestsuite("ad_dc_default", "sort", environ={'SERVER' : '$SERVER', 'DATA_DIR' : os.path.join(samba4srcdir, 'dsdb/tests/python/testdata/')}, name="samba4.ldap.sort.python", extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
 
-plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc)", "ad_dc:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
 
 plantestsuite_loadlist("samba4.ldap.subtree_rename.python(ad_dc_ntvfs)",
                        "ad_dc_ntvfs:local",
@@ -1630,7 +1654,7 @@ for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
 # we also test joining backupfromdc here, as it's a bit special in that it
 # doesn't have Default-First-Site-Name
 for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc',
-           'labdc']:
+            'labdc']:
     # basic test that we can join the testenv DC
     plantestsuite("samba4.blackbox.join_ldapcmp", env,
                   ["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
@@ -1659,7 +1683,7 @@ planoldpythontestsuite("rodc:local", "replica_sync_rodc",
                        extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
                        name="samba4.drs.replica_sync_rodc.python(rodc)",
                        environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
-                      extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+                       extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
 
 planoldpythontestsuite("ad_dc_default_smb1", "password_settings",
                        extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
@@ -1780,7 +1804,7 @@ planoldpythontestsuite(env, "ridalloc_exop",
 # That is why this test is run on the isolated environment and not on
 # those connected with ad_dc (vampiredc/promoteddc)
 #
-# The chgdcpass enviroment is likewise isolated and emulates Samba 4.5
+# The chgdcpass environment is likewise isolated and emulates Samba 4.5
 # with regard to GET_ANC
 
 env = 'schema_pair_dc'
@@ -1856,7 +1880,7 @@ for env in ['vampire_dc', 'promoted_dc']:
                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
                            name="samba4.drs.link_conflicts.python(%s)" % env,
                            environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
-                          extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
 
 # Environment chgdcpass has the Samba 4.5 GET_ANC behaviour, which we
 # set a knownfail to expect
@@ -1875,14 +1899,14 @@ for env in ['vampire_dc', 'promoted_dc', 'vampire_2000_dc']:
                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
 
 # A side-effect of the getncchanges tests is that they will create hundreds of
-# tombstone objects, so run them last to avoid interferring with (and slowing
+# tombstone objects, so run them last to avoid interfering with (and slowing
 # down) the other DRS tests
 for env in ['vampire_dc', 'promoted_dc']:
     planoldpythontestsuite(env, "getncchanges",
                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
                            name="samba4.drs.getncchanges.python(%s)" % env,
                            environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
-                          extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
 
 for env in ['ad_dc_ntvfs']:
     planoldpythontestsuite(env, "repl_rodc",
@@ -2048,6 +2072,26 @@ for env, forced_rc4 in [('ad_dc', False),
             'DC_SERVER_IPV6': '$SERVER_IPV6',
             'FORCED_RC4': int(forced_rc4),
         })
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.authn_policy_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.pkinit_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.conditional_ace_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.gkdi_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc:local',
+    'samba.tests.krb5.gmsa_tests',
+    environ=krb5_environ)
 
 for env in [
         'vampire_dc',
@@ -2138,6 +2182,8 @@ plantestsuite("librpc.ndr.ndr_macros", "none",
               [os.path.join(bindir(), "test_ndr_macros")])
 plantestsuite("librpc.ndr.ndr_dns_nbt", "none",
               [os.path.join(bindir(), "test_ndr_dns_nbt")])
+plantestsuite("librpc.ndr.test_ndr_gmsa", "none",
+              [os.path.join(bindir(), "test_ndr_gmsa")])
 plantestsuite("libcli.ldap.ldap_message", "none",
               [os.path.join(bindir(), "test_ldap_message")])
 
@@ -2165,3 +2211,16 @@ planoldpythontestsuite("proclimitdc",
 planoldpythontestsuite("none", "samba.tests.usage")
 planpythontestsuite("fileserver", "samba.tests.dcerpc.mdssvc")
 planoldpythontestsuite("none", "samba.tests.compression")
+planpythontestsuite("none", "samba.tests.security_descriptors")
+
+if have_cluster_support:
+    cluster_environ = {
+        "SERVER_HOSTNAME": "$NETBIOSNAME",
+        "INTERFACE_GROUP_NAME": "$NETBIOSNAME",
+        "CLUSTER_SHARE": "registry_share",
+        "USERNAME": "$DC_USERNAME",
+        "PASSWORD": "$DC_PASSWORD",
+    }
+    planpythontestsuite("clusteredmember:local",
+                        "samba.tests.blackbox.rpcd_witness_samba_only",
+                        environ=cluster_environ)