[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sun Dec 10 22:23:02 UTC 2023
The branch, master has been updated
via f2f7ed419e0 s3:utils: Fix auth callback with smburl
via 5b38f3be8cb s3:tests: Add interactive smbget test for password entry
via a7622bc7db0 auth:creds: Add cli_credentials_get_domain_and_obtained()
via 1041dae03f0 auth:creds: Fix cli_credentials_get_password_and_obtained() with callback
via ab4b25964a4 auth:creds:tests: Add test for password callback
via c46769f3f10 s3:tests: Fix smbget test
via 1a04fd255c2 s3:tests: Remove the non-working test_kerberos_upn_denied of smbget
via 468fb05d635 s3:tests: Fix the test_kerberos_trust in smbget testsuite
via 62b0b79ce06 s3:tests: Fix test_kerberos in smbget tests
via 337034e675a s3:tests: Pass down a normal domain user for test_smbget.sh
via 56d0c3a0263 selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables
via a2af6946f5e selftest: Remove trailing tabs/white spaces in Samba4.pm
via c14c5dec09f s3:tests: Fix authentication with smbget_user in smbget tests
via 646046cb583 selftest/knownfail: move more parts to expectedfail.d/ntlm-auth
via 54f95df693b selftest/knownfail: move some parts to expectedfail.d/ntlm-auth
via 5af5f9807d7 selftest/knownfail.d: move encrypted_secrets to expectedfail.d
via 2497a4afe50 selftest/knownfail.d: move ntlmv1-restrictions to expectedfail.d
via bac2559746f selftest/knownfail.d: move samba-4.5-emulation to expectedfail.d
via f60d794666a selftest/knownfail.d: move labdc to expectedfail.d
via 3ea40efe046 selftest/knownfail.d: remove empty files
via 7a6d9a7217b selftest/knownfail.d: README memntions expectedfail.d
via 04ed1206057 selftest: add an expectedfail directory
from 992f7625211 selftest: Remove unused import
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f2f7ed419e03e5ae8cc85f42af5b2bcf91abefe2
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 6 13:16:53 2023 +0100
s3:utils: Fix auth callback with smburl
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Dec 10 22:22:51 UTC 2023 on atb-devel-224
commit 5b38f3be8cb986aa2db3aab5c3c3d2e8739893ce
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 6 15:58:08 2023 +0100
s3:tests: Add interactive smbget test for password entry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a7622bc7db093558c6f6e3da4d2a899a764dec09
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 6 13:26:43 2023 +0100
auth:creds: Add cli_credentials_get_domain_and_obtained()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1041dae03f0f7e9e2b6b4a649eb1d298a34ce699
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 6 13:06:42 2023 +0100
auth:creds: Fix cli_credentials_get_password_and_obtained() with callback
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ab4b25964a43a1ef550f10580ad395e178fe647e
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 6 13:16:26 2023 +0100
auth:creds:tests: Add test for password callback
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c46769f3f10d21ed802e17aa79ae17e345168e63
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 7 09:47:14 2023 +0100
s3:tests: Fix smbget test
Time to fix the smget share to not have `guest ok = yes` set. A new
[smbget_guest] will be used for guest only tests. This way we can
correctly test different authentication mechanisms.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1a04fd255c2c94e01bda9840bfd6b372007bb3c7
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 7 13:11:46 2023 +0100
s3:tests: Remove the non-working test_kerberos_upn_denied of smbget
See TODO code comment for details.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 468fb05d6357779228e411076e286abcdb70cf96
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 7 11:43:33 2023 +0100
s3:tests: Fix the test_kerberos_trust in smbget testsuite
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 62b0b79ce065246417996dec61afa6a10f6ab99b
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 7 10:51:32 2023 +0100
s3:tests: Fix test_kerberos in smbget tests
We switched to a temporary directory, so $PREFIX doesn't exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 337034e675aaeb366d360a791ec0d003426230af
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 7 09:45:54 2023 +0100
s3:tests: Pass down a normal domain user for test_smbget.sh
It is better to test with a normal user than administrator.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 56d0c3a0263ed166452c129219e7a391ba4d014c
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 8 13:07:19 2023 +0100
selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables
We should start using those in future. So we can distinguish which
privileges we want. Currently DC_USERNAME is the Administrator. Whatever
possible should use DOMIAN_USER instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a2af6946f5e53b7d954aa54d3d115dbe4975b1c4
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 8 13:06:27 2023 +0100
selftest: Remove trailing tabs/white spaces in Samba4.pm
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c14c5dec09fe1c86b29b3091ad521e73a2e1c3e9
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 7 09:18:26 2023 +0100
s3:tests: Fix authentication with smbget_user in smbget tests
Currently the smget share is broken. We set `guest ok = yes` so if you
specify invalid names, the authentication will still succeed as we
are mapped to guest.
The smbget_user is a local ad_member user. We need to set the
workstation as the "domain" for the user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 646046cb5834f01108d36ad62e7930c1ff21c6e1
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:59:33 2023 +1300
selftest/knownfail: move more parts to expectedfail.d/ntlm-auth
Here NTLM is disabled, so failure is intended.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 54f95df693b6d436584ae9dc4f81eaed5134cd77
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:58:10 2023 +1300
selftest/knownfail: move some parts to expectedfail.d/ntlm-auth
Where NETLOGON is disabled, the failure is intended.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5af5f9807d7923e672408e4b328d0d102f04727d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:37:39 2023 +1300
selftest/knownfail.d: move encrypted_secrets to expectedfail.d
From the file itself:
> # The fl2000dc environment is provisioned with the --plaintext-secrets option
> # running the ecnrypted secrets tests on it and expecting them to fail.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2497a4afe50e6a5d22047b9a9594e9c4cd93e6d5
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:31:34 2023 +1300
selftest/knownfail.d: move ntlmv1-restrictions to expectedfail.d
These tests have been set up to fail by smb.conf options, partly
in order to test those options.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bac2559746f2a3d856816d7ac461734490d14c05
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:22:16 2023 +1300
selftest/knownfail.d: move samba-4.5-emulation to expectedfail.d
These tests are expected to fail because the handling of GET_ANC has
deliberately been degraded in this environment (in order to test an
upgrade path, long story).
> We now show this is in effect by the fact that tests now fail.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f60d794666a77c70153da4fe713cc1ca886f8029
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:18:25 2023 +1300
selftest/knownfail.d: move labdc to expectedfail.d
To quote the original commit:
> Note that the rpc.echo tests for the testallowed and testdenied users
> fail, because we don't backup the secrets for these users. So these
> tests failing proves that the lab-DC testenv is correct.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3ea40efe046a4064d2ff3a35f439a2ada6179027
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:07:47 2023 +1300
selftest/knownfail.d: remove empty files
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7a6d9a7217bb84741cc0e4c3fec1db3dca7e2f5c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:06:08 2023 +1300
selftest/knownfail.d: README memntions expectedfail.d
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 04ed1206057d7b08ae8c6270e1a6fcbc071e3844
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Dec 8 16:05:36 2023 +1300
selftest: add an expectedfail directory
We have some tests that are not only known to fail, but which are
intended to fail.
For example, to quote selftest/knownfail.d/dns:
> # These tests are expected to fail because we want to ensure that
> # unauthenticated updates are not permitted against the default
> # configuration, nor against an RODC
In contrast to selftest/knownfail.d/uac_objectclass_restrict, which
says:
> # All these tests need to be fixed and the entries here removed
That one should stay in selftest/knownfail.d.
Some files are mixed. For example, there are lines in
selftest/knownfail.d/smb1-tests which were added in *commits* that say
> We also need to add a knownfail (which will not be removed) for the
> new test which will fail in smb1 envs
but it is not clear to me that the whole file is expected to always
fail.
By moving some knownfails here, we allow selftest/knownfail.d to be a
bit more like a TODO list, containing things that actually constitute
failure.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 26 +++-
auth/credentials/credentials.h | 3 +
auth/credentials/tests/test_creds.c | 38 ++++++
selftest/expectedfail.d/README | 22 ++++
.../encrypted_secrets | 0
selftest/{knownfail.d => expectedfail.d}/labdc | 0
selftest/expectedfail.d/ntlm-auth | 21 +++
selftest/expectedfail.d/ntlmdisabled | 6 +
.../ntlmv1-restrictions | 0
.../samba-4.5-emulation | 0
selftest/knownfail | 27 ----
selftest/knownfail.d/README | 4 +
selftest/knownfail.d/bug-14236 | 0
selftest/knownfail.d/dns_packet | 0
selftest/knownfail.d/keytab | 0
selftest/knownfail.d/lzxpress | 0
selftest/knownfail.d/sddl | 0
selftest/knownfail.d/smbcacls | 0
selftest/target/Samba.pm | 4 +
selftest/target/Samba3.pm | 28 ++++
selftest/target/Samba4.pm | 16 ++-
selftest/wscript | 1 +
source3/script/tests/test_smbget.sh | 146 ++++++++++++++-------
source3/selftest/tests.py | 2 +
source3/utils/smbget.c | 40 +++++-
25 files changed, 296 insertions(+), 88 deletions(-)
create mode 100644 selftest/expectedfail.d/README
rename selftest/{knownfail.d => expectedfail.d}/encrypted_secrets (100%)
rename selftest/{knownfail.d => expectedfail.d}/labdc (100%)
create mode 100644 selftest/expectedfail.d/ntlm-auth
create mode 100644 selftest/expectedfail.d/ntlmdisabled
rename selftest/{knownfail.d => expectedfail.d}/ntlmv1-restrictions (100%)
rename selftest/{knownfail.d => expectedfail.d}/samba-4.5-emulation (100%)
delete mode 100644 selftest/knownfail.d/bug-14236
delete mode 100644 selftest/knownfail.d/dns_packet
delete mode 100644 selftest/knownfail.d/keytab
delete mode 100644 selftest/knownfail.d/lzxpress
delete mode 100644 selftest/knownfail.d/sddl
delete mode 100644 selftest/knownfail.d/smbcacls
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index ab5efd90f26..20ab858e67b 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -465,11 +465,13 @@ _PUBLIC_ const char *
cli_credentials_get_password_and_obtained(struct cli_credentials *cred,
enum credentials_obtained *obtained)
{
+ const char *password = cli_credentials_get_password(cred);
+
if (obtained != NULL) {
*obtained = cred->password_obtained;
}
- return cli_credentials_get_password(cred);
+ return password;
}
/* Set a password on the credentials context, including an indication
@@ -736,6 +738,28 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
return cred->domain;
}
+/**
+ * @brief Obtain the domain for this credential context.
+ *
+ * @param[in] cred The credential context.
+ *
+ * @param[out] obtained A pointer to store the obtained information.
+ *
+ * @return The domain name or NULL if an error occurred.
+ */
+_PUBLIC_ const char *cli_credentials_get_domain_and_obtained(
+ struct cli_credentials *cred,
+ enum credentials_obtained *obtained)
+{
+ const char *domain = cli_credentials_get_domain(cred);
+
+ if (obtained != NULL) {
+ *obtained = cred->domain_obtained;
+ }
+
+ return domain;
+}
+
_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred,
const char *val,
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 3ad40267e2e..341c984f60c 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -127,6 +127,9 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc);
const char *cli_credentials_get_domain(struct cli_credentials *cred);
+const char *cli_credentials_get_domain_and_obtained(
+ struct cli_credentials *cred,
+ enum credentials_obtained *obtained);
struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
index a2f9642bfe0..2cb2e6d0e34 100644
--- a/auth/credentials/tests/test_creds.c
+++ b/auth/credentials/tests/test_creds.c
@@ -48,6 +48,7 @@ static void torture_creds_init(void **state)
const char *username = NULL;
const char *domain = NULL;
const char *password = NULL;
+ enum credentials_obtained dom_obtained = CRED_UNINITIALISED;
enum credentials_obtained usr_obtained = CRED_UNINITIALISED;
enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
bool ok;
@@ -65,6 +66,11 @@ static void torture_creds_init(void **state)
domain = cli_credentials_get_domain(creds);
assert_string_equal(domain, "WURST");
+ domain = cli_credentials_get_domain_and_obtained(creds,
+ &dom_obtained);
+ assert_int_equal(dom_obtained, CRED_SPECIFIED);
+ assert_string_equal(domain, "WURST");
+
username = cli_credentials_get_username(creds);
assert_null(username);
ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
@@ -285,6 +291,37 @@ static void torture_creds_gensec_feature(void **state)
assert_int_equal(creds->gensec_features, GENSEC_FEATURE_SIGN);
}
+static const char *torture_get_password(struct cli_credentials *creds)
+{
+ return talloc_strdup(creds, "SECRET");
+}
+
+static void torture_creds_password_callback(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct cli_credentials *creds = NULL;
+ const char *password = NULL;
+ enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
+ bool ok;
+
+ creds = cli_credentials_init(mem_ctx);
+ assert_non_null(creds);
+
+ ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED);
+ assert_true(ok);
+ ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
+ assert_true(ok);
+
+ ok = cli_credentials_set_password_callback(creds, torture_get_password);
+ assert_true(ok);
+ assert_int_equal(creds->password_obtained, CRED_CALLBACK);
+
+ password = cli_credentials_get_password_and_obtained(creds,
+ &pwd_obtained);
+ assert_int_equal(pwd_obtained, CRED_CALLBACK_RESULT);
+ assert_string_equal(password, "SECRET");
+}
+
int main(int argc, char *argv[])
{
int rc;
@@ -296,6 +333,7 @@ int main(int argc, char *argv[])
cmocka_unit_test(torture_creds_parse_string),
cmocka_unit_test(torture_creds_krb5_state),
cmocka_unit_test(torture_creds_gensec_feature),
+ cmocka_unit_test(torture_creds_password_callback)
};
if (argc == 2) {
diff --git a/selftest/expectedfail.d/README b/selftest/expectedfail.d/README
new file mode 100644
index 00000000000..5473e6cc9a1
--- /dev/null
+++ b/selftest/expectedfail.d/README
@@ -0,0 +1,22 @@
+# Files in this directory contain lists of regular expressions
+# matching the names of tests that are *necessarily* expected to fail.
+#
+# "make test" will not report failures for tests listed here and will
+# consider a successful run for any of these tests an error.
+#
+# They differ from the knownfail tests (selftest/knownfail.d) in that
+# the lack of failure here is definitely a problem. The knownfail
+# tests might be fixed one day, even accidentally, but these ones will
+# not.
+#
+# Before adding tests here, consider rewriting the test so that the
+# expected result is a failure. The tests in here are typically
+# testing the use of some protocol or feature on a server that has
+# that feature turned off. The same tests will also be run against
+# another server where they do not fail. The downside of this method
+# is we don't know that these expected fail tests are failing in the
+# right way.
+#
+# Empty lines and lines beginning with '#' are ignored.
+#
+# Please don't add tests to this README!
diff --git a/selftest/knownfail.d/encrypted_secrets b/selftest/expectedfail.d/encrypted_secrets
similarity index 100%
rename from selftest/knownfail.d/encrypted_secrets
rename to selftest/expectedfail.d/encrypted_secrets
diff --git a/selftest/knownfail.d/labdc b/selftest/expectedfail.d/labdc
similarity index 100%
rename from selftest/knownfail.d/labdc
rename to selftest/expectedfail.d/labdc
diff --git a/selftest/expectedfail.d/ntlm-auth b/selftest/expectedfail.d/ntlm-auth
new file mode 100644
index 00000000000..f4cfd645833
--- /dev/null
+++ b/selftest/expectedfail.d/ntlm-auth
@@ -0,0 +1,21 @@
+# NETLOGON is disabled in any non-DC environments
+^samba.tests.netlogonsvc.python\(ad_member\)
+^samba.tests.netlogonsvc.python\(simpleserver\)
+^samba.tests.netlogonsvc.python\(fileserver\)
+# NETLOGON is disabled in any non-DC environments
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_2nd_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_08_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cmpx_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_didnot_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_maybe_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_only_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests01\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests02\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests03\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests04\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests05\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_only_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_mix_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_none_only_requests\(ad_member\)
diff --git a/selftest/expectedfail.d/ntlmdisabled b/selftest/expectedfail.d/ntlmdisabled
new file mode 100644
index 00000000000..cbfb49db17e
--- /dev/null
+++ b/selftest/expectedfail.d/ntlmdisabled
@@ -0,0 +1,6 @@
+# NTLM authentication is (intentionally) disabled in ktest
+^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ktest\)
+^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ad_dc_no_ntlm\)
+# Disabling NTLM means you can't use samr to change the password
+^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
+^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
diff --git a/selftest/knownfail.d/ntlmv1-restrictions b/selftest/expectedfail.d/ntlmv1-restrictions
similarity index 100%
rename from selftest/knownfail.d/ntlmv1-restrictions
rename to selftest/expectedfail.d/ntlmv1-restrictions
diff --git a/selftest/knownfail.d/samba-4.5-emulation b/selftest/expectedfail.d/samba-4.5-emulation
similarity index 100%
rename from selftest/knownfail.d/samba-4.5-emulation
rename to selftest/expectedfail.d/samba-4.5-emulation
diff --git a/selftest/knownfail b/selftest/knownfail
index 6f8e5607663..74698369157 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -349,23 +349,6 @@
^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_no_auth_presentation_ctx_invalid4
^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_auth_type2
^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_transfer
-# NETLOGON is disabled in any non-DC environments
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_2nd_cancel_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_08_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cancel_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cmpx_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_didnot_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_maybe_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_only_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests01\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests02\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests03\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests04\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests05\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_cancel_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_only_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_mix_requests\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_none_only_requests\(ad_member\)
^samba4.rpc.echo.*on.*with.object.echo.doublepointer.*nt4_dc
^samba4.rpc.echo.*on.*with.object.echo.surrounding.*nt4_dc
@@ -380,14 +363,4 @@
# We currently don't send referrals for LDAP modify of non-replicated attrs
^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
-# NETLOGON is disabled in any non-DC environments
-^samba.tests.netlogonsvc.python\(ad_member\)
-^samba.tests.netlogonsvc.python\(simpleserver\)
-^samba.tests.netlogonsvc.python\(fileserver\)
-# NTLM authentication is (intentionally) disabled in ktest
-^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ktest\)
-^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ad_dc_no_ntlm\)
-# Disabling NTLM means you can't use samr to change the password
-^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
-^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
diff --git a/selftest/knownfail.d/README b/selftest/knownfail.d/README
index 6f0262a374c..ca6c7a598bd 100644
--- a/selftest/knownfail.d/README
+++ b/selftest/knownfail.d/README
@@ -1,6 +1,10 @@
# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
+# Tests that are intended to *always* fail (e.g. to prove that the
+# test can't succeed under certain conditions) should be added under
+# selftest/expectedfail.d instead.
+#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
diff --git a/selftest/knownfail.d/bug-14236 b/selftest/knownfail.d/bug-14236
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/selftest/knownfail.d/dns_packet b/selftest/knownfail.d/dns_packet
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/selftest/knownfail.d/keytab b/selftest/knownfail.d/keytab
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/selftest/knownfail.d/lzxpress b/selftest/knownfail.d/lzxpress
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/selftest/knownfail.d/sddl b/selftest/knownfail.d/sddl
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/selftest/knownfail.d/smbcacls b/selftest/knownfail.d/smbcacls
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index dbb07604af5..187e4007ee7 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -949,6 +949,10 @@ my @exported_envvars = (
"PASSWORD",
"DC_USERNAME",
"DC_PASSWORD",
+ "DOMAIN_ADMIN",
+ "DOMAIN_ADMIN_PASSWORD",
+ "DOMAIN_USER",
+ "DOMAIN_USER_PASSWORD",
# UID/GID for rfc2307 mapping tests
"UID_RFC2307TEST",
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index ba7c5b90a17..0e4ef168f4c 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1009,6 +1009,10 @@ sub provision_ad_member
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
# forest trust
$ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER};
@@ -1174,6 +1178,10 @@ sub setup_ad_member_rfc2307
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
return $ret;
}
@@ -1270,6 +1278,10 @@ sub setup_admem_idmap_autorid
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
return $ret;
}
@@ -1369,6 +1381,10 @@ sub setup_ad_member_idmap_rid
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
return $ret;
}
@@ -1469,6 +1485,10 @@ sub setup_ad_member_idmap_ad
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
$ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
$ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
@@ -1561,6 +1581,10 @@ sub setup_ad_member_oneway
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
$ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
$ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
@@ -3573,6 +3597,10 @@ sub provision($$)
[smbget]
path = $smbget_sharedir
comment = smb username is [%U]
+
+[smbget_guest]
+ path = $smbget_sharedir
+ comment = smb username is [%U]
guest ok = yes
include = $aliceconfdir/%U.conf
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 5f1f1bfffad..dd1400633e8 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -559,7 +559,7 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
warn("Unable to clean up");
}
-
+
my $swiface = Samba::get_interface($hostname);
$ctx->{prefix} = $prefix;
@@ -587,6 +587,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
$ctx->{realm} = uc($realm);
$ctx->{dnsname} = lc($realm);
$ctx->{samsid} = $samsid;
+ $ctx->{domain_admin} = "Administrator";
+ $ctx->{domain_admin_password} = $password;
+ $ctx->{domain_user} = "alice";
+ $ctx->{domain_user_password} = "Secret007";
$ctx->{functional_level} = $functional_level;
@@ -906,6 +910,10 @@ nogroup:x:65534:nobody
DOMAIN => $ctx->{domain},
USERNAME => $ctx->{username},
DC_USERNAME => $ctx->{username},
+ DOMAIN_ADMIN => $ctx->{domain_admin},
+ DOMAIN_ADMIN_PASSWORD => $ctx->{domain_admin_password},
+ DOMAIN_USER => $ctx->{domain_user},
+ DOMAIN_USER_PASSWORD => $ctx->{domain_user_password},
REALM => $ctx->{realm},
DNSNAME => $ctx->{dnsname},
SAMSID => $ctx->{samsid},
@@ -1034,7 +1042,7 @@ replace: userPrincipalName
userPrincipalName: testallowed upn\@$ctx->{realm}
replace: servicePrincipalName
servicePrincipalName: host/testallowed
--
+-
";
close($ldif);
unless ($? == 0) {
@@ -1057,7 +1065,7 @@ servicePrincipalName: host/testallowed
changetype: modify
replace: userPrincipalName
userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
--
+-
";
close($ldif);
unless ($? == 0) {
@@ -2225,7 +2233,7 @@ sub provision_chgdcpass($$)
warn("Unable to add wins configuration");
return undef;
}
-
+
# Remove secrets.tdb from this environment to test that we
# still start up on systems without the new matching
# secrets.tdb records.
diff --git a/selftest/wscript b/selftest/wscript
index 785033e8ec7..daf497d5e62 100644
--- a/selftest/wscript
+++ b/selftest/wscript
@@ -143,6 +143,7 @@ def cmd_testonly(opt):
env.FILTER_XFAIL = ('${PYTHON} -u ${srcdir}/selftest/filter-subunit '
'--expected-failures=${srcdir}/selftest/knownfail '
'--expected-failures=${srcdir}/selftest/knownfail.d '
+ '--expected-failures=${srcdir}/selftest/expectedfail.d '
'--flapping=${srcdir}/selftest/flapping '
'--flapping=${srcdir}/selftest/flapping.d')
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
index bdc62a71eff..74050f6951a 100755
--- a/source3/script/tests/test_smbget.sh
+++ b/source3/script/tests/test_smbget.sh
@@ -16,9 +16,11 @@ DOMAIN=${3}
REALM=${4}
USERNAME=${5}
PASSWORD=${6}
-WORKDIR=${7}
-SMBGET="$VALGRIND ${8}"
-shift 8
+DOMAIN_USER=${7}
+DOMAIN_USER_PASSWORD=${8}
+WORKDIR=${9}
+SMBGET="$VALGRIND ${10}"
+shift 10
TMPDIR="$SELFTEST_TMPDIR"
@@ -27,6 +29,7 @@ incdir=$(dirname $0)/../../../testprogs/blackbox
. "${incdir}/common_test_fns.inc"
samba_kinit=$(system_or_builddir_binary kinit "${BINDIR}" samba4kinit)
+samba_texpect="${BINDIR}/texpect"
create_test_data()
{
@@ -55,8 +58,8 @@ clear_download_area()
test_singlefile_guest()
{
clear_download_area
- echo "$SMBGET --verbose --guest smb://$SERVER_IP/smbget/testfile"
- $SMBGET --verbose --guest smb://$SERVER_IP/smbget/testfile
+ echo "$SMBGET --verbose --guest smb://$SERVER_IP/smbget_guest/testfile"
+ $SMBGET --verbose --guest smb://$SERVER_IP/smbget_guest/testfile
if [ $? -ne 0 ]; then
echo 'ERROR: RC does not match, expected: 0'
return 1
@@ -72,7 +75,7 @@ test_singlefile_guest()
--
Samba Shared Repository
More information about the samba-cvs
mailing list