s4:selftest: also test samba4.ldb.simple.ldap with starttls and SASL-BIND

author Stefan Metzmacher <metze@samba.org>

Tue, 13 Feb 2024 15:04:57 +0000 (16:04 +0100)

committer Andrew Bartlett <abartlet@samba.org>

Tue, 23 Apr 2024 23:50:34 +0000 (23:50 +0000)
author Stefan Metzmacher <metze@samba.org>
Tue, 13 Feb 2024 15:04:57 +0000 (16:04 +0100)
committer Andrew Bartlett <abartlet@samba.org>
Tue, 23 Apr 2024 23:50:34 +0000 (23:50 +0000)
diff --git a/selftest/expectedfail.d/samba4.ldb.simple.ldap-tls b/selftest/expectedfail.d/samba4.ldb.simple.ldap-tls

index 24b9b94a4284bebc78ac8c75f6245ca7e3036080..49f90c9d04e6b0e426646146adc0cf81bf847795 100644 (file)
--- a/selftest/expectedfail.d/samba4.ldb.simple.ldap-tls
+++ b/selftest/expectedfail.d/samba4.ldb.simple.ldap-tls
@@ -6,6 +6,7 @@
  # fl2003dc has ldap server require strong auth = yes
  # and correct channel bindings are required for TLS
  ^samba4.ldb.simple.ldaps.*SASL-BIND.*ldap_testing:tls_channel_bindings=no.*fl2003dc
+^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*ldap_testing:tls_channel_bindings=no.*fl2003dc
  # ad_dc_ntvfs and fl2008r2dc have
  # ldap server require strong auth = allow_sasl_without_tls_channel_bindings
  # it means correct channel bindings are required, if the client indicated
@@ -14,8 +15,14 @@
  # The following are in expectedfail_heimdal for now, as MIT
  # behaves differently:
  #^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
+#^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
  #^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
+#^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
  ^samba4.ldb.simple.ldaps.with.SASL-BIND.*ldap_testing:channel_bound=yes.*ldap_testing:forced_channel_binding=wRoNg
  ^samba4.ldb.simple.ldaps.with.SASL-BIND.*ldap_testing:channel_bound=no.*ldap_testing:forced_channel_binding=wRoNg
+^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*ldap_testing:channel_bound=yes.*ldap_testing:forced_channel_binding=wRoNg
+^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*ldap_testing:channel_bound=no.*ldap_testing:forced_channel_binding=wRoNg
  ^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=disabled.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
  ^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=disabled.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
+^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=disabled.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
+^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=disabled.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
diff --git a/selftest/expectedfail_heimdal b/selftest/expectedfail_heimdal

index 6415a6ebb229d19380287a8fe1363a2d556a44c0..db2cd5f9c7e62ade70b3b0be8ccef7abcd6ee979 100644 (file)
--- a/selftest/expectedfail_heimdal
+++ b/selftest/expectedfail_heimdal
@@ -9,4 +9,6 @@
  # https://github.com/heimdal/heimdal/pull/1234
  # https://github.com/krb5/krb5/pull/1329
  ^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
+^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*ad_dc_ntvfs
  ^samba4.ldb.simple.ldaps.with.SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
+^samba4.ldb.simple.ldap.starttls.*SASL-BIND.*use-kerberos=required.*ldap_testing:channel_bound=yes.*ldap_testing:tls_channel_bindings=no.*fl2008r2dc
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py

index 6410e3d1a8a4de274e3874db64695d87d9b75a78..556fd9bd490cd7ba2bfc2006bb85090037ef51c7 100755 (executable)
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -200,6 +200,9 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
          options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check" ' + auth_option
          plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
                        env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+        options += ' --option="clientldapsaslwrapping=starttls"'
+        plantestsuite("samba4.ldb.simple.ldap starttls with SASL-BIND %s(%s)" % (options, env),
+                      env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
  
  
  envraw = "fl2008r2dc"
author	Stefan Metzmacher <metze@samba.org>
	Tue, 13 Feb 2024 15:04:57 +0000 (16:04 +0100)
committer	Andrew Bartlett <abartlet@samba.org>
	Tue, 23 Apr 2024 23:50:34 +0000 (23:50 +0000)
selftest/expectedfail.d/samba4.ldb.simple.ldap-tls		patch \| blob \| history
selftest/expectedfail_heimdal		patch \| blob \| history
source4/selftest/tests.py		patch \| blob \| history