[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon May 29 23:30:01 UTC 2023
The branch, master has been updated
via 2a0e53374dd selftest: Confirm that the flags like DS_DIRECTORY_SERVICE_9_REQUIRED work
via 920e1a5bae3 selftest: Rework samba.tests.getdcname not to use ncalrpc
via 1593c9e6588 selftest: Assert that we have a trust in samba.tests.getdcname
via 7f692601c5c libcli: Don’t call memcpy() with a NULL pointer
via fb759809f89 python:tests: Ensure that we don’t overwrite tests
via 7390eb12547 python:tests: Make script executable
via d308136a5e5 python:tests: Initialize global variable
via 2009166efd4 python:tests: Remove unused imports
via c51bffa8fdc python:tests: Exclude Python test directories
via 63c228f89f3 python:tests: Fix f-strings
via 5dfb090d9cd s4:rpc_server/samr: Log correct authentication description for samr_ChangePasswordUser2()
via 838cdd16808 s4:torture: Consistently use NBT_SERVER_* flags
via f75b980fff9 s4:torture: Handle new NBT_SERVER_* flags
via e14b5974c67 net_ads: Handle new NBT_SERVER_* flags
via 2641b4a20e4 samba-tool domain: Handle new NBT_SERVER_* flags
via 642079771b5 librpc/idl: Fix indentation
via 20ba6e487b0 tests/auth_log: Remove debugging code
via de4ce89e0a5 tests/auth_log: Add missing call to tearDownClass()
via 76e87c6262d tests/audit_log: Add missing call to tearDown()
via a05a9a3e780 tests/auth_log: Remove unnecessary check
via 6d68ef23b32 tests/audit_log: Remove unnecessary checks
via 4cb869dce44 tests/auth_log: Call discardMessages() on class
via 47a0b9a4cbc tests/auth_log: Make discardMessages() more reliable
via 5c1ea54cea9 tests/auth_log: Expect no messages when changing a non-existent user’s password
via e1884e8038f tests/audit_log: Make discardMessages() more reliable
via e2e8c86988a tests/auth_log: Correctly get lp_ctx
via af9d1a3d909 tests/auth_log: Remove unneeded len() call
via a7ad25a7811 tests/audit_log: Remove unneeded len() call
via 40425672fe9 tests/auth_log: Rename ‘self’ parameter to ‘cls’
via 1923abe7e4c tests/auth_log: Rename ‘self’ parameter to ‘cls’
via 1c17d56cc53 tests/auth_log: Correctly check for GUID
via ffda69f2d9d tests/audit_log: Correctly check for GUID
via 72d5a5a33bc tests/auth_log: Pre-compile GUID regex
via b1b7d7561ac tests/krb5: Don’t cache accounts with an assigned policy or silo
via dc0d96b058b tests/krb5: Move TestCaseInTempDir to more appropriate place in class hierarchy
from 035f6d914d1 vfs_fruit: add fruit:convert_adouble parameter
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2a0e53374dd8ae26f7f180fb6218363da7d17fec
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu May 25 16:59:52 2023 +1200
selftest: Confirm that the flags like DS_DIRECTORY_SERVICE_9_REQUIRED work
We need to confirm this both for forwarded requests, and also for requests
direct to the possible DC.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon May 29 23:29:50 UTC 2023 on atb-devel-224
commit 920e1a5bae33391615cd8b66f2f34d7837845aa0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu May 25 16:57:55 2023 +1200
selftest: Rework samba.tests.getdcname not to use ncalrpc
This test is able to operate over the network, which aids testing against
a comparative windows DC.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 1593c9e6588cd15b88793d43bee17c060718c134
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 24 16:28:20 2023 +1200
selftest: Assert that we have a trust in samba.tests.getdcname
We must ensure this test cannot became inoperative because the
environment it was run against has no trust.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 7f692601c5ca5f2b846f7ff270044f97d849d7d0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri May 26 16:05:43 2023 +1200
libcli: Don’t call memcpy() with a NULL pointer
Doing so is undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fb759809f89d8277542b1106d39939f32a04778e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 17:03:48 2023 +1200
python:tests: Ensure that we don’t overwrite tests
If the file iterator returns two entries with the same name, one may
overwrite the other.
script_iterator() currently ensures this won’t happen, but it pays to be
safe.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7390eb12547fff6964af97916ec3914259d607a2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 16:28:45 2023 +1200
python:tests: Make script executable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d308136a5e51f3dd2cef7253b184b8b348ff924f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 16:28:29 2023 +1200
python:tests: Initialize global variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2009166efd40f39cc29a7cf0a3cf97d73df6678d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 16:57:36 2023 +1200
python:tests: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c51bffa8fdcac6f0d49fb4cc7656ab789ab50bc2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 16:58:30 2023 +1200
python:tests: Exclude Python test directories
Practically all of our Kerberos tests are excluded already. Many of our
tests aren’t marked as executable, and so aren’t being checked anyway.
Rather than having a large list of exclusions which one may easily
forget to update, just exclude the test directories.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 63c228f89f381f802c8b551ffb1a4fe2844d3995
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 14:14:11 2023 +1200
python:tests: Fix f-strings
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5dfb090d9cde58edc96b9521af69692208ab656c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 12:58:09 2023 +1200
s4:rpc_server/samr: Log correct authentication description for samr_ChangePasswordUser2()
We would unconditionally log "samr_ChangePasswordUser3", which was
misleading.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 838cdd16808d4bc58bdd156f7715df34b388b950
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 09:55:19 2023 +1200
s4:torture: Consistently use NBT_SERVER_* flags
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f75b980fff98370fe09c7f8280b2d61b71f1214b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 09:54:58 2023 +1200
s4:torture: Handle new NBT_SERVER_* flags
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e14b5974c67ee39d7033c6aa7cbf71c6dc46d7ec
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 09:48:19 2023 +1200
net_ads: Handle new NBT_SERVER_* flags
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2641b4a20e4a4f87f6c2c6d5e824d2ed55d01a4b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 09:33:38 2023 +1200
samba-tool domain: Handle new NBT_SERVER_* flags
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 642079771b5a8525e982bdd29c4ceea457c95580
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 09:30:03 2023 +1200
librpc/idl: Fix indentation
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 20ba6e487b08acb390ad35178dc6759a558877aa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri May 26 15:42:27 2023 +1200
tests/auth_log: Remove debugging code
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit de4ce89e0a507c23aaba2d8719a6943034b213c1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri May 26 11:50:35 2023 +1200
tests/auth_log: Add missing call to tearDownClass()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 76e87c6262d73f66f5b2b46204d6aef7526ffa32
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri May 26 11:50:21 2023 +1200
tests/audit_log: Add missing call to tearDown()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a05a9a3e780e868fe717d03c81d38fe1356b69af
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 12:22:11 2023 +1200
tests/auth_log: Remove unnecessary check
This attribute is always truthy.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6d68ef23b3280675d45eb85db7653f2bceaf10c7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 12:20:06 2023 +1200
tests/audit_log: Remove unnecessary checks
These attributes are always truthy.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4cb869dce44b9397cb34f34a918e1bcda8c61223
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 12:16:32 2023 +1200
tests/auth_log: Call discardMessages() on class
This makes it clearer that discardMessages() operates on the class.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 47a0b9a4cbc4c13330c3e362e30b2f8795552466
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 12:15:07 2023 +1200
tests/auth_log: Make discardMessages() more reliable
It can take two or three calls to msg_ctx.loop_once() before a message
comes in. Make sure we get all of the messages.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5c1ea54cea98782db8cec63398c5a28cdd6dd5e9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri May 26 16:00:50 2023 +1200
tests/auth_log: Expect no messages when changing a non-existent user’s password
These log messages come from setUp(), and the fact that we are getting
them is merely a side-effect of the unreliability of discardMessages().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e1884e8038f9fa663ddf1993a9d1ec96babe2bc9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 25 12:13:28 2023 +1200
tests/audit_log: Make discardMessages() more reliable
It can take two or three calls to msg_ctx.loop_once() before a message
comes in. Make sure we get all of the messages.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e2e8c86988af26c6a505937d5ef066bdfafa539f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 14:55:35 2023 +1200
tests/auth_log: Correctly get lp_ctx
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit af9d1a3d9090949a1326d625ce2ebb0fbf2dc152
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 11:11:20 2023 +1200
tests/auth_log: Remove unneeded len() call
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a7ad25a781149f24eb82dc4dee4382ac1cabb2fa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 11:11:01 2023 +1200
tests/audit_log: Remove unneeded len() call
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 40425672fe992fe52b2529a5a80b3fe1db0bfbc0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 24 10:13:07 2023 +1200
tests/auth_log: Rename ‘self’ parameter to ‘cls’
This method operates on the class, not on an instance of that class.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1923abe7e4c151300aee78fcbe9cf30c61865ec5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 23 16:45:28 2023 +1200
tests/auth_log: Rename ‘self’ parameter to ‘cls’
This method operates on the class, not on an instance of that class.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1c17d56cc53cc5b4eaeff87ccbea68fb07b7caf1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 23 16:43:10 2023 +1200
tests/auth_log: Correctly check for GUID
Pattern.match() only checks the starting portion of the string.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ffda69f2d9d074867c451b5f880315d126865bd2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 23 16:42:54 2023 +1200
tests/audit_log: Correctly check for GUID
Pattern.match() only checks the starting portion of the string.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 72d5a5a33bcf504a2095d2c771737d8feea03d26
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 23 16:37:30 2023 +1200
tests/auth_log: Pre-compile GUID regex
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b1b7d7561acccfec248c6a2f260d81c0f3bacbe2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri May 26 12:07:42 2023 +1200
tests/krb5: Don’t cache accounts with an assigned policy or silo
Such accounts are virtually never reused. Not caching them (thus
deleting them early) grants significant time savings.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dc0d96b058b7b55a5a5ef9954bedcc692da6f8b3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 23 14:47:52 2023 +1200
tests/krb5: Move TestCaseInTempDir to more appropriate place in class hierarchy
KDCBaseTest is the only class that makes use of it.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/cldap/cldap.c | 4 +-
librpc/idl/nbt.idl | 4 +-
python/samba/netcmd/domain/trust.py | 2 +
python/samba/tests/audit_log_base.py | 31 ++++---
python/samba/tests/auth_log_base.py | 39 +++++----
python/samba/tests/auth_log_pass_change.py | 19 ++---
python/samba/tests/getdcname.py | 112 +++++++++++++++++++++-----
python/samba/tests/krb5/authn_policy_tests.py | 2 +
python/samba/tests/krb5/kdc_base_test.py | 4 +-
python/samba/tests/krb5/raw_testcase.py | 4 +-
python/samba/tests/source_chars.py | 18 +++--
python/samba/tests/usage.py | 51 +++---------
selftest/knownfail.d/getdcname | 3 +
source3/utils/net_ads.c | 44 +++++++++-
source4/rpc_server/samr/samr_password.c | 26 ++++--
source4/selftest/tests.py | 2 +-
source4/torture/ldap/netlogon.c | 16 ++--
17 files changed, 254 insertions(+), 127 deletions(-)
mode change 100644 => 100755 python/samba/tests/source_chars.py
create mode 100644 selftest/knownfail.d/getdcname
Changeset truncated at 500 lines:
diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c
index 6c2bf86c111..8176946e8b5 100644
--- a/libcli/cldap/cldap.c
+++ b/libcli/cldap/cldap.c
@@ -513,7 +513,9 @@ NTSTATUS cldap_reply_send(struct cldap_socket *cldap, struct cldap_reply *io)
goto nomem;
}
- memcpy(state->blob.data, blob1.data, blob1.length);
+ if (blob1.data != NULL) {
+ memcpy(state->blob.data, blob1.data, blob1.length);
+ }
memcpy(state->blob.data+blob1.length, blob2.data, blob2.length);
data_blob_free(&blob1);
data_blob_free(&blob2);
diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl
index 021e9538bd7..fd56c46bb5e 100644
--- a/librpc/idl/nbt.idl
+++ b/librpc/idl/nbt.idl
@@ -360,8 +360,8 @@ interface nbt
NBT_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800, /* 2008 / RODC */
NBT_SERVER_FULL_SECRET_DOMAIN_6 = 0x00001000, /* 2008 */
NBT_SERVER_ADS_WEB_SERVICE = 0x00002000,
- NBT_SERVER_DS_8 = 0x00004000, /* 2012 */
- NBT_SERVER_DS_9 = 0x00008000, /* 2012R2 */
+ NBT_SERVER_DS_8 = 0x00004000, /* 2012 */
+ NBT_SERVER_DS_9 = 0x00008000, /* 2012R2 */
NBT_SERVER_DS_10 = 0x00010000, /* 2016 */
NBT_SERVER_HAS_DNS_NAME = 0x20000000,
NBT_SERVER_IS_DEFAULT_NC = 0x40000000,
diff --git a/python/samba/netcmd/domain/trust.py b/python/samba/netcmd/domain/trust.py
index 4a7470869eb..361cb2900fd 100644
--- a/python/samba/netcmd/domain/trust.py
+++ b/python/samba/netcmd/domain/trust.py
@@ -185,6 +185,8 @@ class DomainTrustCommand(Command):
nbt.NBT_SERVER_FULL_SECRET_DOMAIN_6: "FULL_SECRET_DOMAIN_6",
nbt.NBT_SERVER_ADS_WEB_SERVICE: "ADS_WEB_SERVICE",
nbt.NBT_SERVER_DS_8: "DS_8",
+ nbt.NBT_SERVER_DS_9: "DS_9",
+ nbt.NBT_SERVER_DS_10: "DS_10",
nbt.NBT_SERVER_HAS_DNS_NAME: "HAS_DNS_NAME",
nbt.NBT_SERVER_IS_DEFAULT_NC: "IS_DEFAULT_NC",
nbt.NBT_SERVER_FOREST_ROOT: "FOREST_ROOT",
diff --git a/python/samba/tests/audit_log_base.py b/python/samba/tests/audit_log_base.py
index 18f86a9d310..73d0d8e306c 100644
--- a/python/samba/tests/audit_log_base.py
+++ b/python/samba/tests/audit_log_base.py
@@ -126,12 +126,12 @@ class AuditLogTestBase(samba.tests.TestCase):
self.discardMessages()
self.msg_ctx.irpc_remove_name(self.event_type)
self.msg_ctx.irpc_remove_name(AUTH_EVENT_NAME)
- if self.msg_handler_and_context:
- self.msg_ctx.deregister(self.msg_handler_and_context,
- msg_type=self.message_type)
- if self.auth_handler_and_context:
- self.msg_ctx.deregister(self.auth_handler_and_context,
- msg_type=MSG_AUTH_LOG)
+ self.msg_ctx.deregister(self.msg_handler_and_context,
+ msg_type=self.message_type)
+ self.msg_ctx.deregister(self.auth_handler_and_context,
+ msg_type=MSG_AUTH_LOG)
+
+ super().tearDown()
def haveExpected(self, expected, dn):
if dn is None:
@@ -175,13 +175,20 @@ class AuditLogTestBase(samba.tests.TestCase):
# Discard any previously queued messages.
def discardMessages(self):
- self.msg_ctx.loop_once(0.001)
- while (len(self.context["messages"]) or
- self.context["txnMessage"] is not None):
+ messages = self.context["messages"]
- self.context["messages"] = []
+ while True:
+ messages.clear()
self.context["txnMessage"] = None
- self.msg_ctx.loop_once(0.001)
+
+ # tevent presumably has other tasks to run, so we might need two or
+ # three loops before a message comes through.
+ for _ in range(5):
+ self.msg_ctx.loop_once(0.001)
+
+ if not messages and self.context["txnMessage"] is None:
+ # No new messages. We’ve probably got them all.
+ break
GUID_RE = re.compile(
"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")
@@ -190,7 +197,7 @@ class AuditLogTestBase(samba.tests.TestCase):
# Is the supplied GUID string correctly formatted
#
def is_guid(self, guid):
- return self.GUID_RE.match(guid)
+ return self.GUID_RE.fullmatch(guid)
def get_session(self):
return self.auth_context["sessionId"]
diff --git a/python/samba/tests/auth_log_base.py b/python/samba/tests/auth_log_base.py
index ebe9c3a124a..586719980cb 100644
--- a/python/samba/tests/auth_log_base.py
+++ b/python/samba/tests/auth_log_base.py
@@ -41,7 +41,7 @@ class AuthLogTestBase(samba.tests.TestCase):
if server_conf:
lp_ctx = LoadParm(filename_for_non_global_lp=server_conf)
else:
- samba.tests.env_loadparm()
+ lp_ctx = samba.tests.env_loadparm()
cls.msg_ctx = Messaging((1,), lp_ctx=lp_ctx)
cls.msg_ctx.irpc_add_name(AUTH_EVENT_NAME)
@@ -72,15 +72,16 @@ class AuthLogTestBase(samba.tests.TestCase):
cls.connection = None
@classmethod
- def tearDownClass(self):
- if self.msg_handler_and_context:
- self.msg_ctx.deregister(self.msg_handler_and_context,
- msg_type=MSG_AUTH_LOG)
- self.msg_ctx.irpc_remove_name(AUTH_EVENT_NAME)
+ def tearDownClass(cls):
+ cls.msg_ctx.deregister(cls.msg_handler_and_context,
+ msg_type=MSG_AUTH_LOG)
+ cls.msg_ctx.irpc_remove_name(AUTH_EVENT_NAME)
+
+ super().tearDownClass()
def setUp(self):
super(AuthLogTestBase, self).setUp()
- self.discardMessages()
+ type(self).discardMessages()
def waitForMessages(self, isLastExpectedMessage, connection=None):
"""Wait for all the expected messages to arrive
@@ -128,11 +129,20 @@ class AuthLogTestBase(samba.tests.TestCase):
# Discard any previously queued messages.
@classmethod
- def discardMessages(self):
- self.msg_ctx.loop_once(0.001)
- while len(self.context["messages"]):
- self.context["messages"] = []
- self.msg_ctx.loop_once(0.001)
+ def discardMessages(cls):
+ messages = cls.context["messages"]
+
+ while True:
+ messages.clear()
+
+ # tevent presumably has other tasks to run, so we might need two or
+ # three loops before a message comes through.
+ for _ in range(5):
+ cls.msg_ctx.loop_once(0.001)
+
+ if not messages:
+ # No new messages. We’ve probably got them all.
+ break
# Remove any NETLOGON authentication messages
# NETLOGON is only performed once per session, so to avoid ordering
@@ -147,10 +157,11 @@ class AuthLogTestBase(samba.tests.TestCase):
return list(filter(is_not_netlogon, messages))
- GUID_RE = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+ GUID_RE = re.compile(
+ "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")
#
# Is the supplied GUID string correctly formatted
#
def is_guid(self, guid):
- return re.match(self.GUID_RE, guid)
+ return self.GUID_RE.fullmatch(guid)
diff --git a/python/samba/tests/auth_log_pass_change.py b/python/samba/tests/auth_log_pass_change.py
index 1ca46c586b3..eef2d743684 100644
--- a/python/samba/tests/auth_log_pass_change.py
+++ b/python/samba/tests/auth_log_pass_change.py
@@ -51,11 +51,6 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
credentials=self.get_credentials(),
lp=self.get_loadparm())
- print("ldb %s" % type(self.ldb))
- # Gets back the basedn
- base_dn = self.ldb.domain_dn()
- print("base_dn %s" % base_dn)
-
# permit password changes during this test
PasswordCommon.allow_password_changes(self, self.ldb)
@@ -71,7 +66,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
})
# discard any auth log messages for the password setup
- self.discardMessages()
+ type(self).discardMessages()
gnutls_pbkdf2_support = samba.tests.env_get_var_value(
'GNUTLS_PBKDF2_SUPPORT',
allow_missing=True)
@@ -237,14 +232,12 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
"Did not receive the expected message")
#
- # Currently this does not get logged, so we expect to only see the log
- # entries for the underlying ldap bind.
+ # Currently this does not get logged, so we expect to see no messages.
#
def test_ldap_change_password_bad_user(self):
def isLastExpectedMessage(msg):
- return (msg["type"] == "Authorization" and
- msg["Authorization"]["serviceDescription"] == "LDAP" and
- msg["Authorization"]["authType"] == "krb5")
+ # Accept any message we receive.
+ return True
new_password = samba.generate_random_password(32, 32)
try:
@@ -260,8 +253,8 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(num, msg) = e.args
pass
- self.assertTrue(self.waitForMessages(isLastExpectedMessage),
- "Did not receive the expected message")
+ self.assertFalse(self.waitForMessages(isLastExpectedMessage),
+ "Received unexpected messages")
def test_ldap_change_password_bad_original_password(self):
def isLastExpectedMessage(msg):
diff --git a/python/samba/tests/getdcname.py b/python/samba/tests/getdcname.py
index 5b777478bf7..55116bf98dc 100644
--- a/python/samba/tests/getdcname.py
+++ b/python/samba/tests/getdcname.py
@@ -40,11 +40,12 @@ class GetDCNameEx(samba.tests.TestCase):
self.domain = os.environ.get('DOMAIN')
self.trust_realm = os.environ.get('TRUST_REALM')
self.trust_domain = os.environ.get('TRUST_DOMAIN')
+ self.trust_server = os.environ.get('TRUST_SERVER')
def _call_get_dc_name(self, domain=None, domain_guid=None,
site_name=None, ex2=False, flags=0):
if self.netlogon_conn is None:
- self.netlogon_conn = netlogon.netlogon("ncalrpc:[schannel]",
+ self.netlogon_conn = netlogon.netlogon(f"ncacn_ip_tcp:{self.server}",
self.get_loadparm())
if ex2:
@@ -97,8 +98,7 @@ class GetDCNameEx(samba.tests.TestCase):
b) The returned domain does not match our own domain
c) The domain matches the format requested
"""
- if self.trust_realm is None:
- return
+ self.assertIsNotNone(self.trust_realm)
response_trust = self._call_get_dc_name(domain=self.trust_realm,
ex2=True)
@@ -137,8 +137,7 @@ class GetDCNameEx(samba.tests.TestCase):
Ex calls Ex2 anyways, from now on, just test Ex.
"""
- if self.trust_realm is None:
- return
+ self.assertIsNotNone(self.trust_realm)
response_trust = self._call_get_dc_name(domain=self.trust_realm,
flags=netlogon.DS_RETURN_DNS_NAME)
@@ -179,8 +178,7 @@ class GetDCNameEx(samba.tests.TestCase):
We assume that there is no Invalid-First-Site-Name site.
"""
- if self.trust_realm is None:
- return
+ self.assertIsNotNone(self.trust_realm)
site = 'Invalid-First-Site-Name'
try:
@@ -199,8 +197,7 @@ class GetDCNameEx(samba.tests.TestCase):
We assume that there is no Invalid-First-Site-Name site.
"""
- if self.trust_realm is None:
- return
+ self.assertIsNotNone(self.trust_realm)
site = 'Invalid-First-Site-Name'
try:
@@ -219,8 +216,7 @@ class GetDCNameEx(samba.tests.TestCase):
We assume that there is a Default-First-Site-Name site.
"""
- if self.trust_realm is None:
- return
+ self.assertIsNotNone(self.trust_realm)
site = ''
try:
@@ -243,8 +239,7 @@ class GetDCNameEx(samba.tests.TestCase):
def test_get_dc_over_winbind_netbios(self):
"""Supply a NETBIOS trust domain name."""
- if self.trust_realm is None:
- return
+ self.assertIsNotNone(self.trust_realm)
try:
response_trust = self._call_get_dc_name(domain=self.trust_domain,
@@ -265,8 +260,7 @@ class GetDCNameEx(samba.tests.TestCase):
Currently marked in flapping...
"""
- if self.trust_realm is None:
- return
+ self.assertIsNotNone(self.trust_realm)
site = 'Default-First-Site-Name'
try:
@@ -287,8 +281,7 @@ class GetDCNameEx(samba.tests.TestCase):
def test_get_dc_over_winbind_domain_guid(self):
"""Ensure that we do not reject requests supplied with a NULL GUID"""
- if self.trust_realm is None:
- return
+ self.assertIsNotNone(self.trust_realm)
null_guid = GUID()
try:
@@ -332,8 +325,7 @@ class GetDCNameEx(samba.tests.TestCase):
We assume that there is no Invalid-First-Site-Name site.
"""
- if self.realm is None:
- return
+ self.assertIsNotNone(self.realm)
site = 'Invalid-First-Site-Name'
try:
@@ -451,6 +443,88 @@ class GetDCNameEx(samba.tests.TestCase):
self.assertEqual(response.domain_name.lower(),
self.realm.lower())
+ def test_get_dc_winbind_need_2012r2(self):
+ """Test requring that we have a FL2012R2 DC as answer
+ """
+ self.assertIsNotNone(self.trust_realm)
+
+ try:
+ response_trust = self._call_get_dc_name(domain=self.trust_realm,
+ flags=netlogon.DS_RETURN_DNS_NAME|netlogon.DS_DIRECTORY_SERVICE_9_REQUIRED)
+ except WERRORError as e:
+ enum, estr = e.args
+ self.fail(f"netr_DsRGetDCNameEx failed: {estr}")
+
+ self.assertTrue(response_trust.dc_unc is not None)
+ self.assertTrue(response_trust.dc_unc.startswith('\\\\'))
+ self.assertTrue(response_trust.dc_address is not None)
+ self.assertTrue(response_trust.dc_address.startswith('\\\\'))
+
+ self.assertEqual(response_trust.domain_name.lower(),
+ self.trust_realm.lower())
+
+ def test_get_dc_direct_need_2012r2_but_not_found(self):
+ """Test requring that we have a FL2012R2 DC as answer, aginst the FL2008R2 domain
+
+ This test requires that the DC in the FL2008R2 does not claim
+ to be 2012R2 capable (off by default in Samba)
+
+ """
+ self.assertIsNotNone(self.realm)
+
+
+ try:
+ response = self._call_get_dc_name(domain=self.realm,
+ flags=netlogon.DS_RETURN_DNS_NAME|netlogon.DS_DIRECTORY_SERVICE_9_REQUIRED)
+
+ self.fail("Failed to detect requirement for 2012 that is not met")
+ except WERRORError as e:
+ enum, estr = e.args
+ if enum != werror.WERR_NO_SUCH_DOMAIN:
+ self.fail("Failed to detect requirement for 2012 that is not met")
+
+ def test_get_dc_direct_need_2012r2(self):
+ """Test requring that we have a FL2012R2 DC as answer
+ """
+ self.assertIsNotNone(self.trust_realm)
+
+ self.netlogon_conn = netlogon.netlogon(f"ncacn_ip_tcp:{self.trust_server}",
+ self.get_loadparm())
+
+ response_trust = self._call_get_dc_name(domain=self.trust_realm,
+ flags=netlogon.DS_RETURN_DNS_NAME|netlogon.DS_DIRECTORY_SERVICE_9_REQUIRED)
+
+ self.assertTrue(response_trust.dc_unc is not None)
+ self.assertTrue(response_trust.dc_unc.startswith('\\\\'))
+ self.assertTrue(response_trust.dc_address is not None)
+ self.assertTrue(response_trust.dc_address.startswith('\\\\'))
+
+ self.assertEqual(response_trust.domain_name.lower(),
+ self.trust_realm.lower())
+
+ def test_get_dc_winbind_need_2012r2_but_not_found(self):
+ """Test requring that we have a FL2012R2 DC as answer, aginst the FL2008R2 domain
+
+ This test requires that the DC in the FL2008R2 does not claim
+ to be 2012R2 capable (off by default in Samba)
+
+ """
+ self.assertIsNotNone(self.realm)
+
+ self.netlogon_conn = netlogon.netlogon(f"ncacn_ip_tcp:{self.trust_server}",
+ self.get_loadparm())
+
+
+ try:
+ response = self._call_get_dc_name(domain=self.realm,
+ flags=netlogon.DS_RETURN_DNS_NAME|netlogon.DS_DIRECTORY_SERVICE_9_REQUIRED)
+
+ self.fail("Failed to detect requirement for 2012 that is not met")
+ except WERRORError as e:
+ enum, estr = e.args
+ if enum != werror.WERR_NO_SUCH_DOMAIN:
+ self.fail("Failed to detect requirement for 2012 that is not met")
+
# TODO Thorough tests of domain GUID
#
# The domain GUID does not seem to be authoritative, and seems to be a
diff --git a/python/samba/tests/krb5/authn_policy_tests.py b/python/samba/tests/krb5/authn_policy_tests.py
index 6182388f262..c94967a2340 100755
--- a/python/samba/tests/krb5/authn_policy_tests.py
+++ b/python/samba/tests/krb5/authn_policy_tests.py
@@ -130,8 +130,10 @@ class AuthnPolicyTests(KdcTgsBaseTests):
members += (member_of,)
if assigned_policy is not None:
opts['assigned_policy'] = str(assigned_policy)
+ cached = False # Policies are rarely reused between accounts.
if assigned_silo is not None:
opts['assigned_silo'] = str(assigned_silo)
+ cached = False # Silos are rarely reused between accounts.
if allowed_rodc:
opts['allowed_replication_mock'] = True
opts['revealed_to_mock_rodc'] = True
diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index 8c258fe711c..b8412cd57ff 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -95,7 +95,7 @@ from samba.samdb import SamDB, dsdb_Dn
rc4_bit = security.KERB_ENCTYPE_RC4_HMAC_MD5
aes256_sk_bit = security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK
-from samba.tests import delete_force
+from samba.tests import TestCaseInTempDir, delete_force
import samba.tests.krb5.kcrypto as kcrypto
from samba.tests.krb5.raw_testcase import (
KerberosCredentials,
@@ -144,7 +144,7 @@ class Principal:
self.sid = sid
-class KDCBaseTest(RawKerberosTest):
+class KDCBaseTest(TestCaseInTempDir, RawKerberosTest):
""" Base class for KDC tests.
"""
diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index e9e882334b4..889a29a38c8 100644
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -48,7 +48,7 @@ from samba.dcerpc.misc import (
)
import samba.tests
-from samba.tests import TestCaseInTempDir
+from samba.tests import TestCase
import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1
from samba.tests.krb5.rfc4120_constants import (
@@ -555,7 +555,7 @@ class KerberosTicketCreds:
self.sname = sname
-class RawKerberosTest(TestCaseInTempDir):
+class RawKerberosTest(TestCase):
"""A raw Kerberos Test case."""
class KpasswdMode(Enum):
diff --git a/python/samba/tests/source_chars.py b/python/samba/tests/source_chars.py
old mode 100644
new mode 100755
index e0acb38b8f7..0f44aa3a082
--- a/python/samba/tests/source_chars.py
+++ b/python/samba/tests/source_chars.py
@@ -1,3 +1,4 @@
+#!/usr/bin/env python3
# Unix SMB/CIFS implementation.
#
# Copyright (C) Catalyst.Net Ltd. 2021
@@ -15,10 +16,13 @@
# You should have received a copy of the GNU General Public License
--
Samba Shared Repository
More information about the samba-cvs
mailing list