search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-tests: Update statd-callout tests to handle both modes
[samba4-gss.git] / source4 / selftest / tests.py
blob76dd3c6884149962792e9fe617abe30c557567db
1 #!/usr/bin/python
2 # This script generates a list of testsuites that should be run as part of
3 # the Samba 4 test suite.
4
5 # The output of this script is parsed by selftest.pl, which then decides
6 # which of the tests to actually run. It will, for example, skip all tests
7 # listed in selftest/skip or only run a subset during "make quicktest".
8
9 # The idea is that this script outputs all of the tests of Samba 4, not
10 # just those that are known to pass, and list those that should be skipped
11 # or are known to fail in selftest/skip or selftest/knownfail. This makes it
12 # very easy to see what functionality is still missing in Samba 4 and makes
13 # it possible to run the testsuite against other servers, such as Samba 3 or
14 # Windows that have a different set of features.
15
16 # The syntax for a testsuite is "-- TEST --" on a single line, followed
17 # by the name of the test, the environment it needs and the command to run, all
18 # three separated by newlines. All other lines in the output are considered
19 # comments.
20
21 import os
22 import sys
23 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../selftest"))
24 import selftesthelpers
25 from selftesthelpers import bindir, srcdir, binpath, python
26 from selftesthelpers import configuration, plantestsuite
27 from selftesthelpers import planpythontestsuite, planperltestsuite
28 from selftesthelpers import plantestsuite_loadlist
29 from selftesthelpers import skiptestsuite, source4dir, valgrindify
30 from selftesthelpers import smbtorture4_options, smbtorture4_testsuites
31 from selftesthelpers import smbtorture4, samba3srcdir
32
33
34 print("OPTIONS %s" % " ".join(smbtorture4_options), file=sys.stderr)
35
36
37 def plansmbtorture4testsuite(name, env, options, modname=None, environ=None):
38 if environ is None:
39 environ = {}
40
41 return selftesthelpers.plansmbtorture4testsuite(name,
42 env,
43 options,
44 target='samba4',
45 modname=modname,
46 environ=environ)
47
48
49 samba4srcdir = source4dir()
50 DSDB_PYTEST_DIR = os.path.join(samba4srcdir, "dsdb/tests/python/")
51 subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
52
53
54 def planoldpythontestsuite(env, module, name=None, extra_path=None, environ=None, extra_args=None):
55 if extra_path is None:
56 extra_path = []
57 if environ is None:
58 environ = {}
59 if extra_args is None:
60 extra_args = []
61 environ = dict(environ)
62 py_path = list(extra_path)
63 if py_path:
64 environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
65 args = ["%s=%s" % item for item in environ.items()]
66 args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
67 args += extra_args
68 if name is None:
69 name = module
70 plantestsuite_loadlist(name, env, args)
71
72
73 samba4bindir = bindir()
74 validate = os.getenv("VALIDATE", "")
75 if validate:
76 validate_list = [validate]
77 else:
78 validate_list = []
79
80 nmblookup4 = binpath('nmblookup4')
81 smbclient4 = binpath('smbclient4')
82 smbclient3 = binpath('smbclient')
83
84 bbdir = os.path.join(srcdir(), "testprogs/blackbox")
85
86 # alias to highlight what tests we want to run against a DC with SMBv1 disabled
87 smbv1_disabled_testenv = "restoredc"
88
89 all_fl_envs = ["fl2000dc", "fl2003dc", "fl2008dc", "fl2008r2dc"]
90
91 # Simple tests for LDAP and CLDAP
92 for auth_type in ['', '-k no', '-k yes']:
93 for auth_level in ['--option=clientldapsaslwrapping=plain', '--client-protection=sign', '--client-protection=encrypt']:
94 creds = '-U"$USERNAME%$PASSWORD"'
95 options = creds + ' ' + auth_type + ' ' + auth_level
96 plantestsuite("samba4.ldb.ldap with options %r(ad_dc_default)" % options, "ad_dc_default", "%s/test_ldb.sh ldap $SERVER %s" % (bbdir, options))
97
98 # see if we support ADS on the Samba3 side
99 try:
100 config_h = os.environ["CONFIG_H"]
101 except KeyError:
102 config_h = os.path.join(samba4bindir, "default/include/config.h")
103
104 # check available features
105 config_hash = dict()
106 f = open(config_h, 'r')
107 try:
108 lines = f.readlines()
109 config_hash = dict((x[0], ' '.join(x[1:]))
110 for x in map(lambda line: line.strip().split(' ')[1:],
111 list(filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines))))
112 finally:
113 f.close()
114
115 have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
116 have_gnutls_fips_mode_support = ("HAVE_GNUTLS_FIPS_MODE_SUPPORTED" in config_hash)
117 have_cluster_support = "CLUSTER_SUPPORT" in config_hash
118
119 for options in ['-U"$USERNAME%$PASSWORD"']:
120 plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
121 "%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options))
122
123 creds_options = [
124 '--simple-bind-dn=$USERNAME@$REALM --password=$PASSWORD',
125 ]
126 peer_options = {
127 'SERVER_IP': '$SERVER_IP',
128 'SERVER_NAME': '$SERVER',
129 'SERVER.REALM': '$SERVER.$REALM',
130 }
131 tls_verify_options = [
132 '--option="tlsverifypeer=no_check"',
133 '--option="tlsverifypeer=ca_only"',
134 '--option="tlsverifypeer=ca_and_name_if_available"',
135 '--option="tlsverifypeer=ca_and_name"',
136 '--option="tlsverifypeer=as_strict_as_possible"',
137 ]
138
139 # we use :local for fl2008r2dc because of the self-signed certificate
140 for env in ["ad_dc_ntvfs", "fl2008r2dc:local"]:
141 for peer_key in peer_options.keys():
142 peer_val = peer_options[peer_key]
143 for creds in creds_options:
144 for tls_verify in tls_verify_options:
145 options = creds + ' ' + tls_verify
146 plantestsuite("samba4.ldb.simple.ldaps with options %s %s(%s)" % (
147 peer_key, options, env), env,
148 "%s/test_ldb_simple.sh ldaps %s %s" % (bbdir, peer_val, options))
149
150 # test all "ldap server require strong auth" combinations
151 for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
152 options = '--simple-bind-dn="$USERNAME@$REALM" --password="$PASSWORD"'
153 plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
154 env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
155 options += ' --option="tlsverifypeer=no_check"'
156 plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
157 env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
158
159 auth_options = [
160 '--option=clientldapsaslwrapping=plain',
161 '--client-protection=sign',
162 '--client-protection=encrypt',
163 '--use-kerberos=required --option=clientldapsaslwrapping=plain',
164 '--use-kerberos=required --client-protection=sign',
165 '--use-kerberos=required --client-protection=encrypt',
166 '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=yes"',
167 '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=no"',
168 '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
169 '--use-kerberos=required --client-protection=sign --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
170 '--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
171 '--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
172 '--use-kerberos=disabled --client-protection=sign',
173 '--use-kerberos=disabled --client-protection=encrypt',
174 '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=yes"',
175 '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=no"',
176 '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
177 '--use-kerberos=disabled --client-protection=sign --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
178 ]
179
180 for auth_option in auth_options:
181 options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
182 plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
183 env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
184
185 auth_options = [
186 '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=yes"',
187 '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=no"',
188 '--use-kerberos=required --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
189 '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=no"',
190 '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=yes"',
191 '--use-kerberos=required --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
192 '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=yes"',
193 '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:tls_channel_bindings=no"',
194 '--use-kerberos=disabled --option="ldap_testing:channel_bound=yes" --option="ldap_testing:forced_channel_binding=wRoNg"',
195 '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=no"',
196 '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:tls_channel_bindings=yes"',
197 '--use-kerberos=disabled --option="ldap_testing:channel_bound=no" --option="ldap_testing:forced_channel_binding=wRoNg"',
198 ]
199 for auth_option in auth_options:
200 options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check" ' + auth_option
201 plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
202 env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
203 options += ' --option="clientldapsaslwrapping=starttls"'
204 plantestsuite("samba4.ldb.simple.ldap starttls with SASL-BIND %s(%s)" % (options, env),
205 env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
206
207
208 envraw = "fl2008r2dc"
209 env = "%s:local" % envraw
210 plantestsuite("samba4.ldap_tls_reload(%s)" % (env), env,
211 "%s/test_ldap_tls_reload.sh $PREFIX_ABS $PREFIX_ABS/%s/private/tls $SERVER.$REALM" % (bbdir, envraw))
212
213 for options in ['-U"$USERNAME%$PASSWORD"']:
214 plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
215 "%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options))
216
217 for t in smbtorture4_testsuites("ldap."):
218 if t == "ldap.nested-search":
219 plansmbtorture4testsuite(t, "ad_dc_default_smb1", '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_')
220 elif t == "ldap.session-expiry":
221 # This requires kerberos and thus the server name
222 plansmbtorture4testsuite(
223 t, "ad_dc_default", '-U"$USERNAME%$PASSWORD" //$DC_SERVER/_none_')
224 else:
225 plansmbtorture4testsuite(
226 t,
227 "ad_dc_default",
228 '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_ -D "$USERNAME"@"$REALM"##"$PASSWORD"')
229
230 for t in smbtorture4_testsuites("dsdb."):
231 plansmbtorture4testsuite(t, "ad_dc:local", "localhost")
232
233 plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)",
234 "ad_dc_ntvfs:local",
235 [python, os.path.join(DSDB_PYTEST_DIR, "attr_from_server.py"),
236 '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
237
238 # Tests for RPC
239
240 # add tests to this list as they start passing, so we test
241 # that they stay passing
242 ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
243 ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
244 drs_rpc_tests = smbtorture4_testsuites("drs.rpc")
245 ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.drsuapi_w2k8", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests
246 slow_ncacn_np_tests = ["rpc.samlogon",
247 "rpc.samr",
248 "rpc.samr.users",
249 "rpc.samr.large-dc",
250 "rpc.samr.users.privileges",
251 "rpc.samr.passwords.default",
252 "rpc.samr.passwords.pwdlastset",
253 "rpc.samr.passwords.lockout",
254 "rpc.samr.passwords.badpwdcount"]
255 slow_ncacn_ip_tcp_tests = ["rpc.cracknames"]
256
257 all_rpc_tests = ncalrpc_tests + ncacn_np_tests + ncacn_ip_tcp_tests + slow_ncacn_np_tests + slow_ncacn_ip_tcp_tests + ["rpc.lsa.secrets", "rpc.pac", "rpc.samba3-sharesec", "rpc.countcalls"]
258
259 # Filter RPC tests that should not run against ad_dc_ntvfs
260 rpc_s3only = [
261 "rpc.mdssvc",
262 ]
263 rpc_fipsonly = [
264 "rpc.fips.netlogon.crypto",
265 ]
266 rpc_exclude = rpc_s3only + rpc_fipsonly
267 rpc_tests = [x for x in smbtorture4_testsuites("rpc.") if x not in rpc_exclude]
268 auto_rpc_tests = list(filter(lambda t: t not in all_rpc_tests, rpc_tests))
269
270 for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
271 for transport in ["ncalrpc", "ncacn_np", "ncacn_ip_tcp"]:
272 env = "ad_dc_default"
273 local = ""
274 if transport == "ncalrpc":
275 tests = ncalrpc_tests
276 local = ":local"
277 elif transport == "ncacn_np":
278 tests = ncacn_np_tests
279 elif transport == "ncacn_ip_tcp":
280 tests = ncacn_ip_tcp_tests
281 else:
282 raise AssertionError("invalid transport %r" % transport)
283 for t in tests:
284 if t == "rpc.netlogon":
285 env = "ad_dc_ntvfs"
286 elif t == "rpc.join":
287 env = "ad_dc_default_smb1"
288 plansmbtorture4testsuite(t, env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
289 plansmbtorture4testsuite('rpc.samba3-sharesec', env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:share=tmp'], "samba4.rpc.samba3.sharesec on %s with %s" % (transport, bindoptions))
290
291 # Plugin S4 DC tests (confirms named pipe auth forwarding). This can be expanded once kerberos is supported in the plugin DC
292 #
293 for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
294 for t in ncacn_np_tests:
295 env = "ad_dc"
296 transport = "ncacn_np"
297 if t in ["rpc.authcontext", "rpc.join"]:
298 env = "ad_dc_smb1"
299 plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
300
301 for bindoptions in [""] + validate_list + ["bigendian"]:
302 for t in auto_rpc_tests:
303 env = "ad_dc_default"
304 if t in ["rpc.srvsvc", "rpc.mgmt"]:
305 env = "ad_dc_ntvfs"
306 elif t == "rpc.join":
307 env = "ad_dc_default_smb1"
308 plansmbtorture4testsuite(t, env, ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
309
310 t = "rpc.countcalls"
311 plansmbtorture4testsuite(t, "ad_dc_default:local", ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s" % t)
312
313 for transport in ["ncacn_np", "ncacn_ip_tcp"]:
314 env = "ad_dc_slowtests"
315 if transport == "ncacn_np":
316 tests = slow_ncacn_np_tests
317 elif transport == "ncacn_ip_tcp":
318 tests = slow_ncacn_ip_tcp_tests
319 else:
320 raise AssertionError("Invalid transport %r" % transport)
321 for t in tests:
322 bindoptions = ''
323 if t == 'rpc.cracknames':
324 bindoptions = 'seal'
325 plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
326
327 # Tests for the DFS referral calls implementation
328 for t in smbtorture4_testsuites("dfs."):
329 plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
330 plansmbtorture4testsuite(t, "ad_dc_smb1", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
331
332 # Tests for the NET API (net.api.become.dc tested below against all the roles)
333 net_tests = list(filter(lambda x: "net.api.become.dc" not in x, smbtorture4_testsuites("net.")))
334 for t in net_tests:
335 plansmbtorture4testsuite(t, "ad_dc_default", '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
336
337 # Tests for session keys and encryption of RPC pipes
338 # FIXME: Integrate these into a single smbtorture test
339
340 transport = "ncacn_np"
341 for env in ["ad_dc_default", "nt4_dc"]:
342 for ntlmoptions in [
343 "-k no --option=clientusespnego=yes",
344 "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no",
345 "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes",
346 "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no",
347 "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
348 "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
349 "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes",
350 "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
351 "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
352 "-k no --option=clientusespnego=no --option=clientntlmv2auth=yes",
353 "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes",
354 "-k no --option=clientusespnego=no"]:
355 name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
356 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
357 plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient3, '$SMB_CONF_PATH', configuration])
358
359 gpo = smbtorture4_testsuites("gpo.")
360 for t in gpo:
361 plansmbtorture4testsuite(t, 'ad_dc:local', ['//$SERVER/sysvol', '-U$USERNAME%$PASSWORD'])
362
363 transports = ["ncacn_np", "ncacn_ip_tcp"]
364
365 # Kerberos varies between functional levels, so it is important to check this on all of them
366 for env in all_fl_envs:
367 transport = "ncacn_np"
368 plansmbtorture4testsuite('rpc.pac', env, ["%s:$SERVER[]" % (transport, ), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.pac on %s" % (transport,))
369 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME', 'rpc.lsa.secrets'], "samba4.rpc.lsa.secrets on %s with Kerberos" % (transport,))
370 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=dcom/$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dcom" % (transport,))
371 plansmbtorture4testsuite('rpc.lsa.secrets', env, [r"%s:$SERVER[target_principal=$NETBIOSNAME\$]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dollar" % (transport,))
372 plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal" % (transport,))
373 plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login" % transport)
374 plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME', '--option=gensec_krb5:send_authenticator_checksum=false'], "samba4.rpc.lsa.secrets on %s with Kerberos - use raw-krb5-no-authenticator-checksum style login" % transport)
375
376 # Winreg tests test bulk Kerberos encryption of DCE/RPC
377 # We test rpc.winreg here too, because the winreg interface if
378 # handled by the source3/rpc_server code.
379 for bindoptions in ["connect", "packet", "krb5", "krb5,packet", "krb5,sign", "krb5,seal", "spnego", "spnego,packet", "spnego,sign", "spnego,seal"]:
380 plansmbtorture4testsuite('rpc.winreg', env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.winreg on %s with %s" % (transport, bindoptions))
381
382 for transport in transports:
383 plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[]" % (transport,), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s" % (transport, ))
384
385 # Echo tests test bulk Kerberos encryption of DCE/RPC
386 for bindoptions in ["connect", "krb5", "krb5,sign", "krb5,seal", "spnego", "spnego,sign", "spnego,seal"] + validate_list + ["padcheck", "bigendian", "bigendian,seal"]:
387 echooptions = "--option=socket:testnonblock=True --option=torture:quick=yes -k yes"
388 plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), echooptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, echooptions))
389
390 for env in ["fl2000dc", "fl2008r2dc"]:
391 plansmbtorture4testsuite("net.api.become.dc", env, '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
392
393 for bindoptions in ["sign", "seal"]:
394 plansmbtorture4testsuite('rpc.backupkey', "ad_dc_default", ["ncacn_np:$SERVER[%s]" % (bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.backupkey with %s" % (bindoptions))
395
396 for transport in transports:
397 for bindoptions in ["sign", "seal"]:
398 for ntlmoptions in [
399 "--option=ntlmssp_client:ntlm2=yes --option=torture:quick=yes",
400 "--option=ntlmssp_client:ntlm2=no --option=torture:quick=yes",
401 "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
402 "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
403 "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
404 "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
405 "--option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
406 "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes --option=torture:quick=yes",
407 "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes"]:
408 if transport == "ncalrpc":
409 env = "ad_dc_default:local"
410 else:
411 env = "ad_dc_default"
412 plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, ntlmoptions))
413
414 plansmbtorture4testsuite('rpc.echo', "ad_dc_default", ['ncacn_np:$SERVER[smb2]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on ncacn_np over smb2")
415 for env in ["ad_dc", "nt4_dc"]:
416 plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_np:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_np with object")
417 plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_ip_tcp:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_ip_tcp with object")
418
419 plansmbtorture4testsuite('ntp.signd', "ad_dc_default:local", ['ncacn_np:$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.ntp.signd")
420
421 nbt_tests = smbtorture4_testsuites("nbt.")
422 for t in nbt_tests:
423 plansmbtorture4testsuite(t, "ad_dc_ntvfs", "//$SERVER/_none_ -U\"$USERNAME%$PASSWORD\"")
424
425 # Tests against the NTVFS POSIX backend
426 ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"]
427
428 # Filter smb2 tests that should not run against ad_dc_ntvfs
429 smb2_s3only = [
430 "smb2.change_notify_disabled",
431 "smb2.dosmode",
432 "smb2.credits",
433 "smb2.kernel-oplocks",
434 "smb2.durable-v2-delay",
435 "smb2.aio_delay",
436 "smb2.fileid",
437 "smb2.timestamps",
438 "smb2.async_dosmode",
439 "smb2.twrp",
440 "smb2.ea",
441 "smb2.create_no_streams",
442 ]
443 smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only]
444
445 # The QFILEINFO-IPC test needs to be on ipc$
446 raw = list(filter(lambda x: "raw.qfileinfo.ipc" not in x, smbtorture4_testsuites("raw.")))
447 base = smbtorture4_testsuites("base.")
448
449 netapi = smbtorture4_testsuites("netapi.")
450
451 for t in base + raw + smb2 + netapi:
452 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$SERVER/tmp', '-U$USERNAME%$PASSWORD'] + ntvfsargs)
453
454 libsmbclient = smbtorture4_testsuites("libsmbclient.")
455 protocols = [ 'NT1', 'SMB3' ]
456 for t in libsmbclient:
457 url = "smb://$USERNAME:$PASSWORD@$SERVER/tmp"
458 if t == "libsmbclient.list_shares":
459 url = "smb://$USERNAME:$PASSWORD@$SERVER"
460 if t == "libsmbclient.utimes":
461 url += "/utimes.txt"
462
463 libsmbclient_testargs = [
464 '//$SERVER/tmp',
465 '-U$USERNAME%$PASSWORD',
466 "--option=torture:smburl=" + url,
467 "--option=torture:replace_smbconf="
468 "%s/testdata/samba3/smb_new.conf" % srcdir()
469 ]
470
471 for proto in protocols:
472 plansmbtorture4testsuite(
473 t,
474 "nt4_dc" if proto == "SMB3" else "nt4_dc_smb1_done",
475 libsmbclient_testargs +
476 [ "--option=torture:clientprotocol=%s" % proto],
477 "samba4.%s.%s" % (t, proto))
478
479 url = "smb://baduser:invalidpw@$SERVER/tmpguest"
480 t = "libsmbclient.noanon_list"
481 libsmbclient_testargs = [
482 '//$SERVER/tmpguest',
483 '-U$USERNAME%$PASSWORD',
484 "--option=torture:smburl=" + url,
485 "--option=torture:replace_smbconf="
486 "%s/testdata/samba3/smb_new.conf" % srcdir()
487 ]
488 for proto in protocols:
489 plansmbtorture4testsuite(t,
490 "maptoguest",
491 libsmbclient_testargs +
492 [ "--option=torture:clientprotocol=%s" % proto],
493 "samba4.%s.baduser.%s" % (t, proto))
494
495 plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
496
497 for t in smbtorture4_testsuites("rap."):
498 plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/IPC\$ -U$USERNAME%$PASSWORD')
499
500 # Tests against the NTVFS CIFS backend
501 for t in base + raw:
502 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=yes'] + ntvfsargs, modname="samba4.ntvfs.cifs.krb5.%s" % t)
503
504 # Test NTVFS CIFS backend with S4U2Self and S4U2Proxy
505 t = "base.unlink"
506 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
507 plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=yes'] + ntvfsargs, "samba4.ntvfs.cifs.krb5.%s" % t)
508 plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
509
510 plansmbtorture4testsuite('echo.udp', 'ad_dc_ntvfs:local', '//$SERVER/whatever')
511
512 # Local tests
513 for t in smbtorture4_testsuites("local."):
514 # The local.resolve test needs a name to look up using real system (not emulated) name routines
515 plansmbtorture4testsuite(t, "none", "ncalrpc:localhost")
516
517 # Confirm these tests with the system iconv too
518 for t in ["local.convert_string_handle", "local.convert_string", "local.ndr"]:
519 options = "ncalrpc: --option='iconv:use_builtin_handlers=false'"
520 plansmbtorture4testsuite(t, "none", options,
521 modname="samba4.%s.system.iconv" % t)
522
523 tdbtorture4 = binpath("tdbtorture")
524 if os.path.exists(tdbtorture4):
525 plantestsuite("tdb.stress", "none", valgrindify(tdbtorture4))
526 else:
527 skiptestsuite("tdb.stress", "Using system TDB, tdbtorture not available")
528
529 plansmbtorture4testsuite("drs.unit", "none", "ncalrpc:")
530
531 # Pidl tests
532 for f in sorted(os.listdir(os.path.join(samba4srcdir, "../pidl/tests"))):
533 if f.endswith(".pl"):
534 planperltestsuite("pidl.%s" % f[:-3], os.path.normpath(os.path.join(samba4srcdir, "../pidl/tests", f)))
535
536 # DNS tests
537 plantestsuite_loadlist("samba.tests.dns", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
538 plantestsuite_loadlist("samba.tests.dns", "rodc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
539 plantestsuite_loadlist("samba.tests.dns", "vampire_dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
540
541 plantestsuite_loadlist("samba.tests.dns_aging", "fl2003dc:local",
542 [python,
543 f"{srcdir()}/python/samba/tests/dns_aging.py",
544 '$SERVER',
545 '$SERVER_IP',
546 '--machine-pass',
547 '-U"$USERNAME%$PASSWORD"',
548 '--workgroup=$DOMAIN',
549 '$LOADLIST', '$LISTOPT'])
550
551 plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns_forwarder.py"), '$SERVER', '$SERVER_IP', '$DNS_FORWARDER1', '$DNS_FORWARDER2', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
552
553 plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc",
554 ['USERNAME_UNPRIV=$DOMAIN_USER','PASSWORD_UNPRIV=$DOMAIN_USER_PASSWORD',
555 python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"),
556 '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"',
557 '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
558 plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
559
560 plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
561
562 plantestsuite_loadlist("samba.tests.dns_packet",
563 "ad_dc",
564 [python,
565 '-msamba.subunit.run',
566 '$LOADLIST',
567 "$LISTOPT"
568 "samba.tests.dns_packet"
569 ])
570
571 plantestsuite_loadlist("samba.tests.sddl",
572 "none",
573 [python,
574 '-msamba.subunit.run',
575 '$LOADLIST',
576 "$LISTOPT"
577 "samba.tests.sddl"
578 ])
579
580 plantestsuite_loadlist("samba.tests.sddl_conditional_ace",
581 "none",
582 [python,
583 '-msamba.subunit.run',
584 '$LOADLIST',
585 "$LISTOPT"
586 "samba.tests.sddl_conditional_ace"
587 ])
588
589 for t in smbtorture4_testsuites("dns_internal."):
590 plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever')
591
592 # These tests want to run on a barely changed fresh provision, before
593 # too much happens to this environment, it is read only and local
594 # (direct to the DB) so we use proclimitdc as it is otherwise empty
595 # bar a test for process limits.
596 planpythontestsuite("proclimitdc:local", "samba.tests.dsdb_quiet_provision_tests")
597
598 # We want this local test to run in an environment where not much is happening that could use root keys
599 planpythontestsuite("chgdcpass:local", "samba.tests.dsdb_quiet_env_tests")
600
601 # Local tests
602 for t in smbtorture4_testsuites("dlz_bind9."):
603 # The dlz_bind9 tests needs to look at the DNS database
604 plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD'])
605
606 planpythontestsuite("fileserver_smb1", "samba.tests.libsmb-basic")
607
608 planpythontestsuite("ad_member", "samba.tests.smb-notify",
609 environ={'USERNAME':'$DC_USERNAME',
610 'PASSWORD':'$DC_PASSWORD',
611 'USERNAME_UNPRIV':'alice',
612 'PASSWORD_UNPRIV':'Secret007',
613 'STRICT_CHECKING':'0',
614 'NOTIFY_SHARE':'notify_priv'})
615
616 # Blackbox Tests:
617 # tests that interact directly with the command-line tools rather than using
618 # the API. These mainly test that the various command-line options of commands
619 # work correctly.
620
621 # smbtorture --fullname parameter test
622 plantestsuite("samba4.blackbox.smbtorture_subunit_names", "none",
623 [
624 os.path.join(bbdir, "test_smbtorture_test_names.sh"),
625 smbtorture4
626 ])
627
628 for env in ["ad_member", "ad_dc_ntvfs", "chgdcpass"]:
629 plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])
630
631 plantestsuite("samba4.blackbox.samba_tool(ad_dc_default:local)", "ad_dc_default:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient3])
632 plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN'])
633
634 plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
635
636 plantestsuite("samba4.blackbox.test_alias_membership", "ad_member_idmap_rid:local", [os.path.join(bbdir, "test_alias_membership.sh"), '$PREFIX_ABS'])
637
638 plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS'])
639
640 planpythontestsuite("ad_dc_default", "samba.tests.blackbox.claims")
641
642 planpythontestsuite("ad_dc_default", "samba.tests.blackbox.gmsa")
643
644 if have_heimdal_support:
645 plantestsuite("samba4.blackbox.kpasswd",
646 "ad_dc:local",
647 [
648 os.path.join(bbdir, "test_kpasswd_heimdal.sh"),
649 '$SERVER',
650 '$USERNAME',
651 '$PASSWORD',
652 '$REALM',
653 '$DOMAIN',
654 "$PREFIX",
655 configuration
656 ])
657 plantestsuite("samba4.blackbox.krb5.s4u",
658 "fl2008r2dc:local",
659 [
660 os.path.join(bbdir, "test_s4u_heimdal.sh"),
661 '$SERVER',
662 '$USERNAME',
663 '$PASSWORD',
664 '$REALM',
665 '$DOMAIN',
666 '$TRUST_SERVER',
667 '$TRUST_USERNAME',
668 '$TRUST_PASSWORD',
669 '$TRUST_REALM',
670 '$TRUST_DOMAIN',
671 '$PREFIX',
672 configuration
673 ])
674 else:
675 plantestsuite("samba4.blackbox.kpasswd",
676 "ad_dc:local",
677 [
678 os.path.join(bbdir, "test_kpasswd_mit.sh"),
679 '$SERVER',
680 '$USERNAME',
681 '$PASSWORD',
682 '$REALM',
683 '$DOMAIN',
684 "$PREFIX",
685 configuration
686 ])
687
688 plantestsuite("samba4.blackbox.kinit_simple",
689 "ad_dc:local",
690 [
691 os.path.join(bbdir, "test_kinit.sh"),
692 '$SERVER',
693 '$USERNAME',
694 '$PASSWORD',
695 '$REALM',
696 '$DOMAIN',
697 '$PREFIX',
698 smbclient3,
699 configuration
700 ])
701 plantestsuite("samba4.blackbox.kinit_simple",
702 "fl2000dc:local",
703 [
704 os.path.join(bbdir, "test_kinit.sh"),
705 '$SERVER',
706 '$USERNAME',
707 '$PASSWORD',
708 '$REALM',
709 '$DOMAIN',
710 '$PREFIX',
711 smbclient3,
712 configuration
713 ])
714 plantestsuite("samba4.blackbox.kinit_simple",
715 "fl2008r2dc:local",
716 [
717 os.path.join(bbdir, "test_kinit.sh"),
718 '$SERVER',
719 '$USERNAME',
720 '$PASSWORD',
721 '$REALM',
722 '$DOMAIN',
723 '$PREFIX',
724 smbclient3,
725 configuration
726 ])
727
728
729 plantestsuite("samba4.blackbox.kinit_trust",
730 "fl2008r2dc:local",
731 [
732 os.path.join(bbdir, "test_kinit_trusts.sh"),
733 '$SERVER',
734 '$USERNAME',
735 '$PASSWORD',
736 '$REALM',
737 '$DOMAIN',
738 '$TRUST_SERVER',
739 '$TRUST_USERNAME',
740 '$TRUST_PASSWORD',
741 '$TRUST_REALM',
742 '$TRUST_DOMAIN',
743 '$PREFIX',
744 "forest",
745 configuration
746 ])
747 plantestsuite("samba4.blackbox.kinit_trust",
748 "fl2003dc:local",
749 [
750 os.path.join(bbdir, "test_kinit_trusts.sh"),
751 '$SERVER',
752 '$USERNAME',
753 '$PASSWORD',
754 '$REALM',
755 '$DOMAIN',
756 '$TRUST_SERVER',
757 '$TRUST_USERNAME',
758 '$TRUST_PASSWORD',
759 '$TRUST_REALM',
760 '$TRUST_DOMAIN',
761 '$PREFIX',
762 "external",
763 configuration
764 ])
765 plantestsuite("samba4.blackbox.kinit_trust",
766 "fl2000dc:local",
767 [
768 os.path.join(bbdir, "test_kinit_trusts.sh"),
769 '$SERVER',
770 '$USERNAME',
771 '$PASSWORD',
772 '$REALM',
773 '$DOMAIN',
774 '$TRUST_SERVER',
775 '$TRUST_USERNAME',
776 '$TRUST_PASSWORD',
777 '$TRUST_REALM',
778 '$TRUST_DOMAIN',
779 '$PREFIX',
780 "external",
781 configuration
782 ])
783
784 plantestsuite("samba4.blackbox.kinit.export.keytab",
785 "ad_dc:local",
786 [
787 os.path.join(bbdir, "test_kinit_export_keytab.sh"),
788 '$SERVER',
789 '$USERNAME',
790 '$REALM',
791 '$DOMAIN',
792 "$PREFIX",
793 smbclient3,
794 configuration
795 ])
796
797 plantestsuite("samba4.blackbox.pkinit_simple",
798 "ad_dc:local",
799 [os.path.join(bbdir, "test_pkinit_simple.sh"),
800 '$SERVER',
801 'pkinit',
802 '$PASSWORD',
803 '$REALM',
804 '$DOMAIN',
805 '$PREFIX/ad_dc',
806 smbclient3,
807 configuration])
808 plantestsuite("samba4.blackbox.pkinit_pac",
809 "ad_dc:local",
810 [os.path.join(bbdir, "test_pkinit_pac.sh"),
811 '$SERVER',
812 '$USERNAME',
813 '$PASSWORD',
814 '$REALM',
815 '$DOMAIN',
816 '$PREFIX/ad_dc',
817 configuration])
818
819 plantestsuite("samba.blackbox.client_kerberos", "ad_dc", [os.path.join(bbdir, "test_client_kerberos.sh"), '$DOMAIN', '$REALM', '$USERNAME', '$PASSWORD', '$SERVER', '$PREFIX_ABS', '$SMB_CONF_PATH'])
820
821 env="ad_member:local"
822 plantestsuite("samba.blackbox.rpcclient_schannel",
823 env,
824 [os.path.join(bbdir, "test_rpcclient_schannel.sh"),
825 '$DOMAIN',
826 '$REALM',
827 '$DC_USERNAME',
828 '$DC_PASSWORD',
829 '$DC_SERVER',
830 '$PREFIX_ABS',
831 '$SMB_CONF_PATH',
832 env])
833 env="ad_member_fips:local"
834 plantestsuite("samba.blackbox.rpcclient_schannel",
835 env,
836 [os.path.join(bbdir, "test_rpcclient_schannel.sh"),
837 '$DOMAIN',
838 '$REALM',
839 '$DC_USERNAME',
840 '$DC_PASSWORD',
841 '$DC_SERVER',
842 '$PREFIX_ABS',
843 '$SMB_CONF_PATH',
844 env],
845 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
846 'OPENSSL_FORCE_FIPS_MODE': '1'})
847
848 plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE'])
849 plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
850 plantestsuite("samba4.blackbox.trust_ntlm", "fl2000dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
851 plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
852 plantestsuite("samba4.blackbox.trust_ntlm", "nt4_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$DOMAIN', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
853
854 plantestsuite("samba4.blackbox.ldap_token", "fl2008r2dc:local", [os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
855 plantestsuite("samba4.blackbox.ldap_token", "fl2003dc:local", [os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
856 plantestsuite("samba4.blackbox.ldap_token", "fl2000dc:local", [os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
857 plantestsuite("samba4.blackbox.ldap_token", "ad_member:local", [os.path.join(bbdir, "test_ldap_token.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
858
859 plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
860 plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
861 plantestsuite("samba4.blackbox.trust_utils(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
862 plantestsuite("samba4.blackbox.trust_token", "fl2008r2dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'forest'])
863 plantestsuite("samba4.blackbox.trust_token", "fl2003dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
864 plantestsuite("samba4.blackbox.trust_token", "fl2000dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
865 plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs'])
866 plantestsuite("samba4.blackbox.password_settings",
867 "ad_dc:local",
868 [
869 os.path.join(bbdir, "test_password_settings.sh"),
870 '$SERVER',
871 '$USERNAME',
872 '$PASSWORD',
873 '$REALM',
874 '$DOMAIN',
875 "$PREFIX",
876 configuration
877 ])
878 plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN'])
879 plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
880 plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4])
881 plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
882 plantestsuite("samba4.blackbox.masktest", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
883 plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
884 plantestsuite("samba4.blackbox.rfc2307_mapping",
885 "ad_dc:local",
886 [
887 os.path.join(samba4srcdir,
888 "../nsswitch/tests/test_rfc2307_mapping.sh"),
889 '$DOMAIN',
890 '$USERNAME',
891 '$PASSWORD',
892 "$SERVER",
893 "$UID_RFC2307TEST",
894 "$GID_RFC2307TEST",
895 configuration
896 ])
897 plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', r"CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3])
898 plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
899 plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
900 plantestsuite("samba4.blackbox.net_offlinejoin", "ad_dc:client", [os.path.join(bbdir, "test_net_offline.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
901 plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'all', '17_18_23'])
902 plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
903 plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
904 plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
905 plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID', configuration])
906
907 env = "ad_member:local"
908 plantestsuite("samba4.blackbox.net_ads_search_server_P.primary", env,
909 [os.path.join(bbdir, "test_net_ads_search_server.sh"),
910 '$DC_SERVER', '$REALM'])
911 plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_e_both", env,
912 [os.path.join(bbdir, "test_net_ads_search_server.sh"),
913 '$TRUST_E_BOTH_SERVER', '$TRUST_E_BOTH_REALM'])
914 plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_f_both", env,
915 [os.path.join(bbdir, "test_net_ads_search_server.sh"),
916 '$TRUST_F_BOTH_SERVER', '$TRUST_F_BOTH_REALM'])
917
918 if have_gnutls_fips_mode_support:
919 plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"])
920 plantestsuite("samba4.blackbox.test_weak_disable_ntlmssp_ldap", "ad_member:local", [os.path.join(bbdir, "test_weak_disable_ntlmssp_ldap.sh"),'$DC_USERNAME', '$DC_PASSWORD'])
921
922 for env in ["ad_dc_fips", "ad_member_fips"]:
923 plantestsuite("samba4.blackbox.weak_crypto.server",
924 env,
925 [os.path.join(bbdir, "test_weak_crypto_server.sh"),
926 '$SERVER',
927 '$USERNAME',
928 '$PASSWORD',
929 '$REALM',
930 '$DOMAIN',
931 "$PREFIX/ad_dc_fips",
932 configuration],
933 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
934 'OPENSSL_FORCE_FIPS_MODE': '1'})
935
936 plantestsuite("samba4.blackbox.net_ads_fips",
937 "ad_dc_fips:client",
938 [os.path.join(bbdir, "test_net_ads_fips.sh"),
939 '$DC_SERVER',
940 '$DC_USERNAME',
941 '$DC_PASSWORD',
942 '$PREFIX_ABS'],
943 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
944 'OPENSSL_FORCE_FIPS_MODE': '1'})
945
946 t = "--krb5auth=$DOMAIN/$DC_USERNAME%$DC_PASSWORD"
947 plantestsuite("samba3.wbinfo_simple.fips.%s" % t,
948 "ad_member_fips:local",
949 [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t],
950 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
951 'OPENSSL_FORCE_FIPS_MODE': '1'})
952 plantestsuite("samba4.wbinfo_name_lookup.fips",
953 "ad_member_fips",
954 [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_name_lookup.sh"),
955 '$DOMAIN',
956 '$REALM',
957 '$DC_USERNAME'],
958 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
959 'OPENSSL_FORCE_FIPS_MODE': '1'})
960
961 plansmbtorture4testsuite('rpc.fips.netlogon.crypto',
962 'ad_dc_fips',
963 ['ncacn_np:$SERVER[krb5]',
964 '-U$USERNAME%$PASSWORD',
965 '--workgroup=$DOMAIN',
966 '--client-protection=encrypt'],
967 'samba4.rpc.fips.netlogon.crypto',
968 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
969 'OPENSSL_FORCE_FIPS_MODE': '1'})
970
971 plansmbtorture4testsuite('rpc.echo', "ad_dc_ntvfs", ['ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD'], "samba4.rpc.echo against NetBIOS alias")
972
973 # Test wbinfo trust auth
974 for env in ["ad_member_oneway:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
975 for t in ["--krb5auth=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD",
976 "--krb5auth=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD",
977 "--authenticate=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD",
978 "--authenticate=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD"]:
979 plantestsuite("samba3.wbinfo_simple.trust:%s" % t, env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
980
981 # json tests hook into ``chgdcpass'' to make them run in contributor CI on
982 # gitlab
983 planpythontestsuite("chgdcpass", "samba.tests.blackbox.netads_json")
984
985 # Tests using the "Simple" NTVFS backend
986 for t in ["base.rw1"]:
987 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ["//$SERVER/simple", '-U$USERNAME%$PASSWORD'], modname="samba4.ntvfs.simple.%s" % t)
988
989 # Domain S4member Tests
990 plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.echo against s4member server with local creds")
991 plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], "samba4.rpc.echo against s4member server with domain creds")
992 plansmbtorture4testsuite('rpc.samr', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr against s4member server with local creds")
993 plansmbtorture4testsuite('rpc.samr.users', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr.users against s4member server with local creds",)
994 plansmbtorture4testsuite('rpc.samr.passwords.default',
995 "s4member",
996 ['ncacn_np:$NETBIOSNAME',
997 '-U$NETBIOSNAME/$USERNAME%$PASSWORD'],
998 "samba4.rpc.samr.passwords.default against s4member server with local creds")
999 plantestsuite("samba4.blackbox.smbclient against s4member server with local creds", "s4member", [os.path.join(samba4srcdir, "client/tests/test_smbclient.sh"), '$NETBIOSNAME', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX', smbclient4])
1000
1001 # RPC Proxy
1002 plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], modname="samba4.rpc.echo against rpc proxy with domain creds")
1003
1004 # Tests SMB signing
1005 for mech in [
1006 "-k no",
1007 "-k no --option=clientusespnego=no",
1008 "-k no --option=gensec:spengo=no",
1009 "-k yes",
1010 "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
1011 for signing in ["--option=clientsigning=desired", "--option=clientsigning=required"]:
1012 signoptions = "%s %s" % (mech, signing)
1013 name = "smb.signing on with %s" % signoptions
1014 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], modname="samba4.%s" % name)
1015
1016 for mech in [
1017 "-k no",
1018 "-k no --option=clientusespnego=no",
1019 "-k no --option=gensec:spengo=no",
1020 "-k yes"]:
1021 signoptions = "%s --client-protection=off" % mech
1022 name = "smb.signing disabled on with %s" % signoptions
1023 plansmbtorture4testsuite('base.xcopy', "ad_member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
1024 plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], "samba4.%s" % name)
1025 plansmbtorture4testsuite('base.xcopy', "ad_dc",
1026 ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name)
1027
1028 plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient3])
1029 for mech in [
1030 "-k no",
1031 "-k no --option=clientusespnego=no",
1032 "-k no --option=gensec:spengo=no"]:
1033 signoptions = "%s --client-protection=off" % mech
1034 plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)
1035
1036 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=desired', '-U%'], modname="samba4.smb.signing --option=clientsigning=desired anon")
1037 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=required', '-U%'], modname="samba4.smb.signing --option=clientsigning=required anon")
1038 plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=disabled', '-U%'], modname="samba4.smb.signing --option=clientsigning=disabled anon")
1039
1040 # Test SPNEGO without issuing an optimistic token
1041 opt='--option=spnego:client_no_optimistic=yes'
1042 plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'no'], modname="samba4.smb.spnego.ntlmssp.no_optimistic")
1043 plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'yes'], modname="samba4.smb.spnego.krb5.no_optimistic")
1044
1045 wb_opts_default = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=1\"", "--option=\"torture:winbindd_separator=/\"", "--option=\"torture:winbindd_netbios_name=$SERVER\"", "--option=\"torture:winbindd_netbios_domain=$DOMAIN\""]
1046
1047 winbind_ad_client_tests = smbtorture4_testsuites("winbind.struct") + smbtorture4_testsuites("winbind.pac")
1048 winbind_wbclient_tests = smbtorture4_testsuites("winbind.wbclient")
1049 for env in ["ad_dc", "ad_member", "nt4_member"]:
1050 wb_opts = wb_opts_default[:]
1051 if env in ["ad_member"]:
1052 wb_opts += ["--option=\"torture:winbindd_domain_without_prefix=$DOMAIN\""]
1053 for t in winbind_ad_client_tests:
1054 plansmbtorture4testsuite(t, "%s:local" % env, wb_opts + ['//$SERVER/tmp', '--realm=$REALM', '--machine-pass', '--option=torture:addc=$DC_SERVER'])
1055
1056 for env in ["nt4_dc", "fl2003dc"]:
1057 for t in winbind_wbclient_tests:
1058 plansmbtorture4testsuite(t, "%s:local" % env, '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
1059
1060 for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "chgdcpass", "rodc"]:
1061 tests = ["--ping", "--separator",
1062 "--own-domain",
1063 "--all-domains",
1064 "--trusted-domains",
1065 "--domain-info=BUILTIN",
1066 "--domain-info=$DOMAIN",
1067 "--online-status",
1068 "--online-status --domain=BUILTIN",
1069 "--online-status --domain=$DOMAIN",
1070 "--check-secret --domain=$DOMAIN",
1071 "--change-secret --domain=$DOMAIN",
1072 "--check-secret --domain=$DOMAIN",
1073 "--online-status --domain=$DOMAIN",
1074 "--domain-users",
1075 "--domain-groups",
1076 "--name-to-sid=$DC_USERNAME",
1077 "--name-to-sid=$DOMAIN/$DC_USERNAME",
1078 "--user-info=$DOMAIN/$DC_USERNAME",
1079 "--user-groups=$DOMAIN/$DC_USERNAME",
1080 "--authenticate=$DOMAIN/$DC_USERNAME%$DC_PASSWORD",
1081 "--allocate-uid",
1082 "--allocate-gid"]
1083
1084 for t in tests:
1085 plantestsuite("samba.wbinfo_simple.%s" % (t.replace(" --", ".").replace("--", "")), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
1086
1087 plantestsuite(
1088 "samba.wbinfo_sids2xids.(%s:local)" % env, "%s:local" % env,
1089 [os.path.join(samba3srcdir, "script/tests/test_wbinfo_sids2xids.sh")])
1090
1091 planpythontestsuite(env + ":local", "samba.tests.ntlm_auth")
1092
1093 plantestsuite(
1094 "samba.wbinfo_u_large_ad.(ad_dc:local)",
1095 "ad_dc:local",
1096 [os.path.join(samba3srcdir, "script/tests/test_wbinfo_u_large_ad.sh")])
1097
1098 for env in ["ktest"]:
1099 planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5")
1100
1101 for env in ["s4member_dflt_domain", "s4member"]:
1102 for cmd in ["id", "getent"]:
1103 users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"]
1104 if env == "s4member":
1105 users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"]
1106 for usr in users:
1107 plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir, cmd, usr))
1108
1109 nsstest4 = binpath("nsstest")
1110 for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]:
1111 if os.path.exists(nsstest4):
1112 plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "plugins/libnss_wrapper_winbind.so.2")])
1113 else:
1114 skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available")
1115
1116
1117 if have_gnutls_fips_mode_support:
1118 planoldpythontestsuite("ad_dc",
1119 "samba.tests.dcerpc.lsa_utils",
1120 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
1121 'OPENSSL_FORCE_FIPS_MODE': '1'})
1122 planoldpythontestsuite("ad_dc_fips",
1123 "samba.tests.dcerpc.lsa_utils",
1124 environ={'GNUTLS_FORCE_FIPS_MODE': '1',
1125 'OPENSSL_FORCE_FIPS_MODE': '1'})
1126
1127 # Run complex search expressions test once for each database backend.
1128 # Right now ad_dc has mdb and ad_dc_ntvfs has tdb
1129 mdb_testenv = "ad_dc"
1130 tdb_testenv = "ad_dc_ntvfs"
1131 for testenv in [mdb_testenv, tdb_testenv]:
1132 planoldpythontestsuite(testenv, "samba.tests.complex_expressions", extra_args=['-U"$USERNAME%$PASSWORD"'])
1133
1134 # samba.tests.gensec is only run in ad_dc to ensure it runs with and
1135 # MIT and Heimdal build, it can run against any environment that
1136 # supports FAST
1137 planoldpythontestsuite("ad_dc:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'])
1138
1139 planoldpythontestsuite("none", "simple", extra_path=["%s/lib/tdb/python/tests" % srcdir()], name="tdb.python")
1140 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.sam")
1141 planpythontestsuite("ad_dc_default:local", "samba.tests.dsdb")
1142 planpythontestsuite("none", "samba.tests.samba_startup_fl_change")
1143 planpythontestsuite("none", "samba.tests.dsdb_lock")
1144 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.bare")
1145 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.lsa")
1146 planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.unix")
1147 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc")
1148 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.timecmd")
1149 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.join")
1150 planpythontestsuite("ad_dc_default:local", "samba.tests.ldap_whoami")
1151 planpythontestsuite("ad_member_s3_join", "samba.tests.samba_tool.join_member")
1152 planpythontestsuite("ad_dc_default",
1153 "samba.tests.samba_tool.join_lmdb_size")
1154 planpythontestsuite("ad_dc_default",
1155 "samba.tests.samba_tool.drs_clone_dc_data_lmdb_size")
1156 planpythontestsuite("ad_dc_default",
1157 "samba.tests.samba_tool.promote_dc_lmdb_size")
1158
1159 planpythontestsuite("none", "samba.tests.samba_tool.visualize")
1160
1161
1162 # test fsmo show
1163 for env in all_fl_envs:
1164 planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo")
1165
1166 # test getpassword for group managed service accounts
1167 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_getpassword_gmsa")
1168
1169 # test samba-tool user, group, contact and computer edit command
1170 for env in all_fl_envs:
1171 env += ":local"
1172 plantestsuite("samba.tests.samba_tool.user_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/user_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
1173 plantestsuite("samba.tests.samba_tool.group_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/group_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
1174 plantestsuite("samba.tests.samba_tool.contact_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/contact_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
1175 plantestsuite("samba.tests.samba_tool.computer_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/computer_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
1176
1177 # We run this test against both AD DC implementations because it is
1178 # the only test we have of GPO get/set behaviour, and this involves
1179 # the file server as well as the LDAP server.
1180 # It's also a good sanity-check that sysvol backup worked correctly.
1181 for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
1182 smbv1_disabled_testenv]:
1183 planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo")
1184 for env in ["ad_dc_ntvfs", "ad_dc"]:
1185 planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo_exts")
1186
1187 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes")
1188
1189 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user")
1190 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_policy")
1191 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_silo")
1192 for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]:
1193 planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest")
1194 for env, nt_hash in [("ad_dc:local", True),
1195 ("ad_dc_no_ntlm:local", False)]:
1196 planpythontestsuite(env, "samba.tests.samba_tool.user",
1197 environ={"EXPECT_NT_HASH": int(nt_hash)})
1198 # test get-kerberos-ticket for locally accessible and group managed service accounts
1199 planpythontestsuite(env, "samba.tests.samba_tool.user_get_kerberos_ticket")
1200 planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_userPassword")
1201 planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_gpg")
1202 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script")
1203
1204 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.group")
1205 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.ou")
1206 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.computer")
1207 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.contact")
1208 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.forest")
1209 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.schema")
1210 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_claim")
1211 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_policy")
1212 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_silo")
1213
1214 # This test needs to be run in an environment well apart from most
1215 # other tests as it deletes root keys and we don't want this to happen
1216 # where a gMSA account might be live.
1217 planpythontestsuite("chgdcpass", "samba.tests.samba_tool.domain_kds_root_key")
1218
1219 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_models")
1220 planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.service_account")
1221 planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema")
1222 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl")
1223 planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check")
1224 planpythontestsuite("none", "samba.tests.samba_tool.provision_lmdb_size")
1225 planpythontestsuite("none", "samba.tests.samba_tool.provision_userPassword_crypt")
1226 planpythontestsuite("none", "samba.tests.samba_tool.help")
1227 # Make sure samba-tool can execute without import failures when run
1228 # without the ad-dc built. The fileserver test environment runs against
1229 # the samba-h5l-build autobuild. This build was chosen because it's
1230 # configured with --without-ad-dc and does not disable ads, which is
1231 # required to run some samba-tool commands.
1232 planpythontestsuite("fileserver", "samba.tests.samba_tool.help")
1233
1234 planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.passwordsettings")
1235 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.dsacl")
1236
1237 planpythontestsuite("none", "samba.tests.samba_upgradedns_lmdb")
1238
1239 # Run these against chgdcpass to share the runtime load
1240 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.sites")
1241 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.dnscmd")
1242
1243 # Run this against chgdcpass to ensure at least one python3 test
1244 # against this autobuild target (samba-ad-dc-2)
1245 planpythontestsuite("chgdcpass:local", "samba.tests.dcerpc.rpcecho")
1246
1247 planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAME%$PASSWORD"'])
1248 test_bin = os.path.abspath(os.path.join(os.getenv('BINDIR', './bin'), '../python/samba/tests/bin'))
1249 planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNAME%$PASSWORD"'],
1250 environ={'PATH':':'.join([test_bin, os.getenv('PATH', '')])})
1251 planoldpythontestsuite("ad_member", "samba.tests.gpo_member", extra_args=['-U"$USERNAME%$PASSWORD"'])
1252 planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"'])
1253
1254 planoldpythontestsuite("ad_dc", "samba.tests.sid_strings")
1255
1256 # Run the import test in environments that may not have the ad-dc built
1257 envs = ['fileserver_smb1', 'nt4_member', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel']
1258 if have_cluster_support:
1259 envs.append('clusteredmember')
1260 for env in envs:
1261 planoldpythontestsuite(env, "samba.tests.imports")
1262
1263 have_fast_support = 1
1264 claims_support = 1
1265
1266 # MIT
1267 kadmin_is_tgs = int('SAMBA4_USES_HEIMDAL' not in config_hash)
1268
1269 # Heimdal
1270 compound_id_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
1271 expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
1272 extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
1273 check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash)
1274 check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash)
1275 expect_nt_status = int('SAMBA4_USES_HEIMDAL' in config_hash)
1276 as_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
1277 tgs_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
1278
1279 ca_dir = os.path.join('selftest', 'manage-ca', 'CA-samba.example.com')
1280
1281 # This certificate is currently used just to get the name of the certificate
1282 # issuer.
1283 ca_cert_path = os.path.join(ca_dir,
1284 'DCs',
1285 'addc.addom.samba.example.com',
1286 'DC-addc.addom.samba.example.com-cert.pem')
1287
1288 # The private key is used to issue new certificates.
1289 ca_private_key_path = os.path.join(ca_dir,
1290 'Private',
1291 'CA-samba.example.com-private-key.pem')
1292 ca_pass = '1234'
1293
1294 krb5_environ = {
1295 'SERVICE_USERNAME': '$SERVER',
1296 'ADMIN_USERNAME': '$DC_USERNAME',
1297 'ADMIN_PASSWORD': '$DC_PASSWORD',
1298 'ADMIN_KVNO': '1',
1299 'FOR_USER': '$DC_USERNAME',
1300 'STRICT_CHECKING':'0',
1301 'FAST_SUPPORT': have_fast_support,
1302 'CLAIMS_SUPPORT': claims_support,
1303 'COMPOUND_ID_SUPPORT': compound_id_support,
1304 'EXPECT_PAC': expect_pac,
1305 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
1306 'CHECK_CNAME': check_cname,
1307 'CHECK_PADATA': check_padata,
1308 'KADMIN_IS_TGS': kadmin_is_tgs,
1309 'EXPECT_NT_STATUS': expect_nt_status,
1310 'AS_REQ_LOGGING_SUPPORT': as_req_logging_support,
1311 'TGS_REQ_LOGGING_SUPPORT': tgs_req_logging_support,
1312 'CA_CERT': ca_cert_path,
1313 'CA_PRIVATE_KEY': ca_private_key_path,
1314 'CA_PASS': ca_pass,
1315 }
1316 planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
1317 planoldpythontestsuite("none", "samba.tests.krb5.claims_in_pac")
1318 planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
1319 environ=krb5_environ)
1320 for env, fast_support in [("ad_dc_default:local", True),
1321 ("fl2003dc:local", False)]:
1322 planoldpythontestsuite(env, "samba.tests.krb5.s4u_tests",
1323 environ={
1324 **krb5_environ,
1325 'FAST_SUPPORT': int(have_fast_support and fast_support),
1326 })
1327 planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
1328 environ=krb5_environ)
1329
1330 planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns")
1331
1332 planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests",
1333 environ=krb5_environ)
1334
1335 planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
1336 environ=krb5_environ)
1337 planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
1338 environ=krb5_environ)
1339 for env in ['ad_dc_default', 'ad_member']:
1340 planoldpythontestsuite(env, "samba.tests.krb5.test_rpc",
1341 environ=krb5_environ)
1342 planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
1343 environ=krb5_environ)
1344 planoldpythontestsuite("ad_member_idmap_nss:local",
1345 "samba.tests.krb5.test_min_domain_uid",
1346 environ=krb5_environ)
1347 planoldpythontestsuite("ad_member_idmap_nss:local",
1348 "samba.tests.krb5.test_idmap_nss",
1349 environ={
1350 **krb5_environ,
1351 'MAPPED_USERNAME': 'bob',
1352 'MAPPED_PASSWORD': 'Secret007',
1353 'UNMAPPED_USERNAME': 'jane',
1354 'UNMAPPED_PASSWORD': 'Secret007',
1355 'INVALID_USERNAME': 'joe',
1356 'INVALID_PASSWORD': 'Secret007',
1357 })
1358
1359 for env in ["ad_dc", smbv1_disabled_testenv]:
1360 planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'])
1361 planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
1362 extra_args=['-U"$USERNAME%$PASSWORD"'])
1363
1364 planoldpythontestsuite(
1365 "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
1366 extra_args=['-U"$USERNAME%$PASSWORD"'])
1367
1368 planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'])
1369 planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'])
1370
1371 planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol",
1372 environ={"MAX_NUM_AUTH": "8",
1373 "USERNAME": "$DC_USERNAME",
1374 "PASSWORD": "$DC_PASSWORD"})
1375 planoldpythontestsuite("ad_member", "samba.tests.dcerpc.raw_protocol",
1376 environ={"MAX_NUM_AUTH": "8",
1377 "AUTH_LEVEL_CONNECT_LSA": "1",
1378 "USERNAME": "$DC_USERNAME",
1379 "PASSWORD": "$DC_PASSWORD"})
1380
1381 if have_heimdal_support:
1382 planoldpythontestsuite("ad_dc_smb1:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
1383 environ={'CLIENT_IP': '10.53.57.11',
1384 'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
1385 planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
1386 environ={'CLIENT_IP': '10.53.57.11',
1387 'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
1388 planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change",
1389 extra_args=['-U"$USERNAME%$PASSWORD"'])
1390 planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change",
1391 extra_args=['-U"$USERNAME%$PASSWORD"'])
1392
1393 # these tests use a NCA local RPC connection, so always run on the
1394 # :local testenv, and so don't need to fake a client connection
1395 for env in ["ad_dc_ntvfs:local", "ad_dc:local"]:
1396 planoldpythontestsuite(env, "samba.tests.auth_log_ncalrpc", extra_args=['-U"$USERNAME%$PASSWORD"'])
1397 planoldpythontestsuite(env, "samba.tests.auth_log_samlogon",
1398 extra_args=['-U"$USERNAME%$PASSWORD"'])
1399 planoldpythontestsuite(env, "samba.tests.auth_log_netlogon",
1400 extra_args=['-U"$USERNAME%$PASSWORD"'])
1401 planoldpythontestsuite(env, "samba.tests.auth_log_netlogon_bad_creds",
1402 extra_args=['-U"$USERNAME%$PASSWORD"'])
1403
1404 planoldpythontestsuite("ad_member:local",
1405 "samba.tests.auth_log_winbind",
1406 extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"'])
1407 planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change",
1408 extra_args=['-U"$USERNAME%$PASSWORD"'])
1409 planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb",
1410 extra_args=['-U"$USERNAME%$PASSWORD"'])
1411 planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
1412 extra_args=['-U"$USERNAME%$PASSWORD"'])
1413
1414 planoldpythontestsuite("fl2008r2dc",
1415 "samba.tests.getdcname",
1416 extra_args=['-U"$USERNAME%$PASSWORD"'])
1417
1418 planoldpythontestsuite("ad_dc_smb1",
1419 "samba.tests.net_join_no_spnego",
1420 extra_args=['-U"$USERNAME%$PASSWORD"'])
1421 planoldpythontestsuite("ad_dc",
1422 "samba.tests.net_join",
1423 extra_args=['-U"$USERNAME%$PASSWORD"'])
1424 planoldpythontestsuite("ad_dc",
1425 "samba.tests.s3_net_join",
1426 extra_args=['-U"$USERNAME%$PASSWORD"'])
1427 planoldpythontestsuite("ad_dc",
1428 "samba.tests.segfault",
1429 extra_args=['-U"$USERNAME%$PASSWORD"'],
1430 environ={"TALLOC_FREE_FILL": "0xab"})
1431 # Need to test the password hashing in multiple environments to ensure that
1432 # all the possible options are covered
1433 #
1434 # ad_dc:local functional_level >= 2008, gpg keys available
1435 planoldpythontestsuite("ad_dc:local",
1436 "samba.tests.password_hash_gpgme",
1437 extra_args=['-U"$USERNAME%$PASSWORD"'])
1438 # ad_dc_ntvfs:local functional level >= 2008, gpg keys not available
1439 planoldpythontestsuite("ad_dc_ntvfs:local",
1440 "samba.tests.password_hash_fl2008",
1441 extra_args=['-U"$USERNAME%$PASSWORD"'])
1442 # fl2003dc:local functional level < 2008, gpg keys not available
1443 planoldpythontestsuite("fl2003dc:local",
1444 "samba.tests.password_hash_fl2003",
1445 extra_args=['-U"$USERNAME%$PASSWORD"'])
1446 # ad_dc: wDigest values over ldap
1447 planoldpythontestsuite("ad_dc",
1448 "samba.tests.password_hash_ldap",
1449 extra_args=['-U"$USERNAME%$PASSWORD"'])
1450
1451 for env in ["ad_dc_backup", smbv1_disabled_testenv]:
1452 planoldpythontestsuite(env + ":local", "samba.tests.domain_backup",
1453 extra_args=['-U"$USERNAME%$PASSWORD"'])
1454
1455 planoldpythontestsuite("ad_dc",
1456 "samba.tests.domain_backup_offline")
1457 # Encrypted secrets
1458 # ensure default provision (ad_dc) and join (vampire_dc)
1459 # encrypt secret values on disk.
1460 planoldpythontestsuite("ad_dc:local",
1461 "samba.tests.encrypted_secrets",
1462 extra_args=['-U"$USERNAME%$PASSWORD"'])
1463 planoldpythontestsuite("vampire_dc:local",
1464 "samba.tests.encrypted_secrets",
1465 extra_args=['-U"$USERNAME%$PASSWORD"'])
1466 # The fl2000dc environment is provisioned with the --plaintext_secrets option
1467 # so this test will fail, which proves the secrets are not being encrypted.
1468 # There is an entry in known_fail.d.
1469 planoldpythontestsuite("fl2000dc:local",
1470 "samba.tests.encrypted_secrets",
1471 extra_args=['-U"$USERNAME%$PASSWORD"'])
1472
1473 planpythontestsuite("none",
1474 "samba.tests.lsa_string")
1475
1476 planoldpythontestsuite("ad_dc_ntvfs",
1477 "samba.tests.krb5_credentials",
1478 extra_args=['-U"$USERNAME%$PASSWORD"'])
1479
1480 for env in ["ad_dc_ntvfs", "vampire_dc", "promoted_dc"]:
1481 planoldpythontestsuite(env,
1482 "samba.tests.py_credentials",
1483 extra_args=['-U"$USERNAME%$PASSWORD"'])
1484 planoldpythontestsuite("ad_dc_ntvfs",
1485 "samba.tests.emulate.traffic",
1486 extra_args=['-U"$USERNAME%$PASSWORD"'])
1487 planoldpythontestsuite("ad_dc_ntvfs",
1488 "samba.tests.emulate.traffic_packet",
1489 extra_args=['-U"$USERNAME%$PASSWORD"'])
1490 planoldpythontestsuite("ad_dc_ntvfs",
1491 "samba.tests.blackbox.traffic_replay",
1492 extra_args=['-U"$USERNAME%$PASSWORD"'])
1493 planoldpythontestsuite("ad_dc_ntvfs",
1494 "samba.tests.blackbox.traffic_learner",
1495 extra_args=['-U"$USERNAME%$PASSWORD"'])
1496 planoldpythontestsuite("ad_dc_ntvfs",
1497 "samba.tests.blackbox.traffic_summary",
1498 extra_args=['-U"$USERNAME%$PASSWORD"'])
1499 planoldpythontestsuite("none", "samba.tests.loadparm")
1500 planoldpythontestsuite("fileserver",
1501 "samba.tests.blackbox.mdsearch",
1502 extra_args=['-U"$USERNAME%$PASSWORD"'])
1503 planoldpythontestsuite("fileserver",
1504 "samba.tests.blackbox.smbcacls_basic")
1505 planoldpythontestsuite("fileserver",
1506 "samba.tests.blackbox.smbcacls_basic",
1507 "samba.tests.blackbox.smbcacls_basic(DFS)",
1508 environ={'SHARE': 'msdfs-share',
1509 'TESTDIR': 'smbcacls_sharedir_dfs'})
1510 # Run smbcacls_propagate_inhertance tests on non msdfs root share
1511 planoldpythontestsuite("fileserver",
1512 "samba.tests.blackbox.smbcacls_propagate_inhertance")
1513 planoldpythontestsuite("fileserver",
1514 "samba.tests.blackbox.smbcacls_save_restore")
1515 planoldpythontestsuite("ad_member",
1516 "samba.tests.blackbox.smbcacls_save_restore",
1517 environ={'USER': '$DC_USERNAME',
1518 'PASSWORD' : '$DC_PASSWORD'}
1519 )
1520
1521 #
1522 # A) Run the smbcacls_propagate_inhertance tests on a msdfs root share
1523 # *without* any nested dfs links
1524 # B) Run the smbcacls_propagate_inhertance tests on a msdfs root share
1525 # *with* a nested dfs link
1526 #
1527 planoldpythontestsuite("fileserver",
1528 "samba.tests.blackbox.smbcacls_dfs_propagate_inherit",
1529 "samba.tests.blackbox.smbcacls_dfs_propagate_inherit(DFS-msdfs-root)",
1530 environ={'SHARE': 'smbcacls_share'})
1531
1532 planoldpythontestsuite("fileserver",
1533 "samba.tests.blackbox.misc_dfs_widelink")
1534 #
1535 # Want a selection of environments across the process models
1536 #
1537 for env in ["ad_dc_ntvfs:local", "ad_dc:local",
1538 "fl2003dc:local", "fl2008r2dc:local",
1539 "promoted_dc:local"]:
1540 planoldpythontestsuite(env, "samba.tests.blackbox.smbcontrol")
1541
1542 planoldpythontestsuite("none", "samba.tests.blackbox.downgradedatabase")
1543
1544 planpythontestsuite("ad_member:local", "samba.tests.blackbox.netads_dns")
1545
1546 plantestsuite_loadlist("samba4.ldap.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1547
1548 plantestsuite_loadlist("samba4.ldap_modify_order.python(ad_dc_default)",
1549 "ad_dc_default",
1550 [python, os.path.join(samba4srcdir,
1551 "dsdb/tests/python/"
1552 "ldap_modify_order.py"),
1553 # add "-v" here to diagnose
1554 '$SERVER',
1555 '-U"$USERNAME%$PASSWORD"',
1556 '--workgroup=$DOMAIN',
1557 '$LOADLIST',
1558 '$LISTOPT'])
1559
1560 plantestsuite_loadlist("samba4.ldap_modify_order.normal_user.python(ad_dc_default)",
1561 "ad_dc_default",
1562 [python, os.path.join(samba4srcdir,
1563 "dsdb/tests/python/"
1564 "ldap_modify_order.py"),
1565 '--normal-user',
1566 # add "-v" here to diagnose
1567 '$SERVER',
1568 '-U"$USERNAME%$PASSWORD"',
1569 '--workgroup=$DOMAIN',
1570 '$LOADLIST',
1571 '$LISTOPT'])
1572
1573 planoldpythontestsuite("ad_dc",
1574 "samba.tests.ldap_raw",
1575 extra_args=['-U"$USERNAME%$PASSWORD"'],
1576 environ={'TEST_ENV': 'ad_dc'})
1577
1578 plantestsuite_loadlist("samba.tests.ldap_spn", "ad_dc",
1579 [python,
1580 f"{srcdir()}/python/samba/tests/ldap_spn.py",
1581 '$SERVER',
1582 '-U"$USERNAME%$PASSWORD"',
1583 '--workgroup=$DOMAIN',
1584 '$LOADLIST', '$LISTOPT'])
1585
1586 plantestsuite_loadlist("samba.tests.ldap_upn_sam_account", "ad_dc_ntvfs",
1587 [python,
1588 f"{srcdir()}/python/samba/tests/ldap_upn_sam_account.py",
1589 '$SERVER',
1590 '-U"$USERNAME%$PASSWORD"',
1591 '--workgroup=$DOMAIN',
1592 '$LOADLIST', '$LISTOPT'])
1593
1594
1595 plantestsuite_loadlist("samba4.tokengroups.krb5.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'yes', '$LOADLIST', '$LISTOPT'])
1596 plantestsuite_loadlist("samba4.tokengroups.ntlm.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'no', '$LOADLIST', '$LISTOPT'])
1597 plantestsuite("samba4.sam.python(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1598 plantestsuite("samba4.sam.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1599 plantestsuite("samba4.asq.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "asq.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1600 plantestsuite("samba4.user_account_control.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1601 plantestsuite("samba4.priv_attrs.python(ad_dc_default)", "ad_dc_default", ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1602 plantestsuite("samba4.priv_attrs.strict.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1603 plantestsuite("samba4.unicodepwd_encrypted(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "unicodepwd_encrypted.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1604
1605 for env in ['ad_dc_default:local', 'schema_dc:local']:
1606 planoldpythontestsuite(env, "dsdb_schema_info",
1607 extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
1608 name="samba4.schemaInfo.python(%s)" % (env),
1609 extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"'])
1610
1611 planpythontestsuite(env, "samba.tests.dsdb_schema_attributes")
1612
1613 plantestsuite_loadlist("samba4.urgent_replication.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "urgent_replication.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
1614 plantestsuite_loadlist("samba4.ldap.dirsync.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "dirsync.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1615 plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1616 plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules_remote.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1617 plantestsuite("samba4.ldap.index.python", "none", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/index.py")])
1618 plantestsuite_loadlist("samba4.ldap.notification.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "notification.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1619 plantestsuite_loadlist("samba4.ldap.sites.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sites.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1620
1621 env = 'vampire_dc'
1622 # Test with LMDB (GSSAPI/SASL bind)
1623 plantestsuite_loadlist("samba4.ldap.large_ldap.gssapi.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=yes', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1624
1625 env = 'ad_dc_default'
1626 # Test with TDB (NTLMSSP bind)
1627 plantestsuite_loadlist("samba4.ldap.large_ldap.ntlmssp.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=no', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1628
1629 env = 'ad_dc_ntvfs'
1630 # Test with ldaps://
1631 plantestsuite_loadlist("samba4.ldap.large_ldap.ldaps.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldaps://$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1632
1633 env = 'fl2008r2dc'
1634 # Test with straight ldap
1635 plantestsuite_loadlist("samba4.ldap.large_ldap.straight_ldap.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldap://$SERVER', '--simple-bind-dn=$USERNAME@$REALM', '--password=$PASSWORD', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1636
1637 planoldpythontestsuite("ad_dc_default", "sort", environ={'SERVER' : '$SERVER', 'DATA_DIR' : os.path.join(samba4srcdir, 'dsdb/tests/python/testdata/')}, name="samba4.ldap.sort.python", extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1638
1639 plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc)", "ad_dc:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1640
1641 plantestsuite_loadlist("samba4.ldap.subtree_rename.python(ad_dc_ntvfs)",
1642 "ad_dc_ntvfs:local",
1643 [python, os.path.join(samba4srcdir,
1644 "dsdb/tests/python/subtree_rename.py"),
1645 '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb',
1646 '-U"$USERNAME%$PASSWORD"',
1647 '--workgroup=$DOMAIN',
1648 '$LOADLIST',
1649 '$LISTOPT'])
1650
1651 planoldpythontestsuite(
1652 "ad_dc_ntvfs",
1653 "samba.tests.ldap_referrals",
1654 environ={
1655 'SERVER': '$SERVER',
1656 },
1657 name="samba.ldap.referrals",
1658 extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
1659
1660 # These should be the first tests run against testenvs created by backup/restore
1661 for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
1662 # check that a restored DC matches the original DC (backupfromdc)
1663 plantestsuite("samba4.blackbox.ldapcmp_restore", env,
1664 ["PYTHON=%s" % python,
1665 os.path.join(bbdir, "ldapcmp_restoredc.sh"),
1666 '$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env])
1667
1668 # we also test joining backupfromdc here, as it's a bit special in that it
1669 # doesn't have Default-First-Site-Name
1670 for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc',
1671 'labdc']:
1672 # basic test that we can join the testenv DC
1673 plantestsuite("samba4.blackbox.join_ldapcmp", env,
1674 ["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
1675
1676 env = 'backupfromdc'
1677 planoldpythontestsuite("%s:local" % env, "samba_tool_drs_no_dns",
1678 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1679 name="samba4.drs.samba_tool_drs_no_dns.python(%s)" % env,
1680 environ={'DC1': '$DC_SERVER', 'DC2': '$DC_SERVER'},
1681 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1682
1683 plantestsuite_loadlist("samba4.ldap.rodc.python(rodc)", "rodc",
1684 [python,
1685 os.path.join(DSDB_PYTEST_DIR, "rodc.py"),
1686 '$SERVER', '-U"$USERNAME%$PASSWORD"',
1687 '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1688
1689 plantestsuite_loadlist("samba4.ldap.rodc_rwdc.python(rodc)", "rodc:local",
1690 [python,
1691 os.path.join(samba4srcdir,
1692 "dsdb/tests/python/rodc_rwdc.py"),
1693 '$SERVER', '$DC_SERVER', '-U"$USERNAME%$PASSWORD"',
1694 '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1695
1696 planoldpythontestsuite("rodc:local", "replica_sync_rodc",
1697 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1698 name="samba4.drs.replica_sync_rodc.python(rodc)",
1699 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1700 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1701
1702 planoldpythontestsuite("ad_dc_default_smb1", "password_settings",
1703 extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
1704 name="samba4.ldap.passwordsettings.python",
1705 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1706
1707 for env in all_fl_envs + ["schema_dc"]:
1708 plantestsuite_loadlist("samba4.ldap_schema.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "ldap_schema.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1709 plantestsuite("samba4.ldap.possibleInferiors.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/samdb/ldb_modules/tests/possibleinferiors.py"), "ldap://$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN"])
1710 plantestsuite_loadlist("samba4.ldap.secdesc.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "sec_descriptor.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1711 plantestsuite_loadlist("samba4.ldap.acl.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1712 plantestsuite_loadlist("samba4.ldap.acl_modify.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl_modify.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1713
1714 for env in all_fl_envs + ["schema_dc", "ad_dc_no_ntlm"]:
1715 if env != "fl2000dc":
1716 # This test makes excessive use of the "userPassword" attribute which
1717 # isn't available on DCs with Windows 2000 domain function level -
1718 # therefore skip it in that configuration
1719 plantestsuite_loadlist("samba4.ldap.passwords.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "passwords.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", '$LOADLIST', '$LISTOPT'])
1720
1721 for env in ["ad_dc_slowtests"]:
1722 # This test takes a lot of time, so we run it against a minimum of
1723 # environments, please only add new ones if there's really a
1724 # difference we need to test
1725 plantestsuite_loadlist("samba4.ldap.vlv.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "vlv.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1726 plantestsuite_loadlist("samba4.ldap.confidential_attr.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "confidential_attr.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1727 plantestsuite_loadlist("samba4.ldap.password_lockout.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "password_lockout.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM", '$LOADLIST', '$LISTOPT'])
1728 planoldpythontestsuite(env, "tombstone_reanimation",
1729 name="samba4.tombstone_reanimation.python",
1730 environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME', 'TEST_PASSWORD': '$PASSWORD'},
1731 extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')]
1732 )
1733 planoldpythontestsuite(env, "samba.tests.join",
1734 name="samba.tests.join.python(%s)" % env,
1735 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1736
1737 # this is a basic sanity-check of Kerberos/NTLM user login
1738 for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc", "ad_dc_no_ntlm"]:
1739 plantestsuite_loadlist("samba4.ldap.login_basics.python(%s)" % env, env,
1740 [python, os.path.join(DSDB_PYTEST_DIR, "login_basics.py"),
1741 "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM",
1742 '$LOADLIST', '$LISTOPT'])
1743
1744 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.upgradeprovisionneeddc")
1745 planpythontestsuite("ad_dc:local", "samba.tests.posixacl")
1746 planpythontestsuite("ad_dc_no_nss:local", "samba.tests.posixacl")
1747 plantestsuite_loadlist("samba4.deletetest.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "deletetest.py"),
1748 '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
1749 plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
1750 plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision'])
1751 plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision'])
1752 plantestsuite("samba4.blackbox.provision_fileperms", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/provision_fileperms.sh"), '$PREFIX/provision'])
1753 plantestsuite("samba4.blackbox.supported_features", "none",
1754 ["PYTHON=%s" % python,
1755 os.path.join(samba4srcdir,
1756 "setup/tests/blackbox_supported_features.sh"),
1757 '$PREFIX/provision'])
1758 plantestsuite("samba4.blackbox.start_backup", "none",
1759 ["PYTHON=%s" % python,
1760 os.path.join(samba4srcdir,
1761 "setup/tests/blackbox_start_backup.sh"),
1762 '$PREFIX/provision'])
1763 plantestsuite("samba4.blackbox.upgradeprovision.current", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_upgradeprovision.sh"), '$PREFIX/provision'])
1764 plantestsuite("samba4.blackbox.setpassword.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_setpassword.sh"), '$PREFIX/provision'])
1765 plantestsuite("samba4.blackbox.newuser.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_newuser.sh"), '$PREFIX/provision'])
1766 plantestsuite("samba4.blackbox.group.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_group.sh"), '$PREFIX/provision'])
1767 plantestsuite("samba4.blackbox.spn.py(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_spn.sh"), '$PREFIX/ad_dc_ntvfs'])
1768 plantestsuite_loadlist("samba4.ldap.bind(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(srcdir(), "auth/credentials/tests/bind.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '$LOADLIST', '$LISTOPT'])
1769
1770 # This makes sure we test the rid allocation code
1771 t = "rpc.samr.large-dc"
1772 plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname=("samba4.%s.one" % t))
1773 plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s.two" % t)
1774
1775 # RPC smoke-tests for testenvs of interest (RODC, etc)
1776 for env in ['rodc', 'offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
1777 plansmbtorture4testsuite('rpc.echo', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
1778 plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
1779 plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", r'-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
1780 plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied")
1781 plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', binpath('smbclient')])
1782
1783 planpythontestsuite("rodc:local", "samba.tests.samba_tool.rodc")
1784
1785 plantestsuite("samba.blackbox.rpcclient_samlogon", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
1786 "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
1787
1788 plantestsuite("samba.blackbox.rpcclient_samlogon_testallowed", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
1789 r"testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
1790
1791 plantestsuite("samba.blackbox.rpcclient_samlogon_testdenied", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
1792 "testdenied", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
1793
1794
1795 # Test renaming the DC
1796 plantestsuite("samba4.blackbox.renamedc.sh", "none", ["PYTHON=%s" % python, os.path.join(bbdir, "renamedc.sh"), '$PREFIX/provision'])
1797
1798 # DRS python tests
1799 # Note that $DC_SERVER is the PDC (e.g. ad_dc_ntvfs) and $SERVER is
1800 # the 2nd DC (e.g. vampire_dc).
1801
1802 env = 'vampire_dc'
1803 planoldpythontestsuite(env, "ridalloc_exop",
1804 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1805 name="samba4.drs.ridalloc_exop.python(%s)" % env,
1806 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1807 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1808
1809 # This test can pollute the environment a little by creating and
1810 # deleting DCs which can get into the replication state for a while.
1811 #
1812 # The setting of DC1 to $DC_SERVER means that it will join towards and
1813 # operate on schema_dc. This matters most when running
1814 # test_samba_tool_replicate_local as this sets up a full temp DC and
1815 # does new replication to it, which can show up in the replication
1816 # topology.
1817 #
1818 # That is why this test is run on the isolated environment and not on
1819 # those connected with ad_dc (vampiredc/promoteddc)
1820 #
1821 # The chgdcpass environment is likewise isolated and emulates Samba 4.5
1822 # with regard to GET_ANC
1823
1824 env = 'schema_pair_dc'
1825 planoldpythontestsuite("%s:local" % env, "samba_tool_drs",
1826 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1827 name="samba4.drs.samba_tool_drs.python(%s)" % env,
1828 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1829 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1830 for env in ['chgdcpass', 'schema_pair_dc']:
1831 planoldpythontestsuite("%s:local" % env, "samba_tool_drs_critical",
1832 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1833 name="samba4.drs.samba_tool_drs_critical.python(%s)" % env,
1834 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1835 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1836
1837 env = "schema_pair_dc"
1838 planoldpythontestsuite(env, "getnc_schema",
1839 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1840 name="samba4.drs.getnc_schema.python(%s)" % env,
1841 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER',
1842 "PLEASE_BREAK_MY_WINDOWS": "1"},
1843 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1844
1845 # This test can be sensitive to the DC joins and replications done in
1846 # "samba_tool_drs" so it is run against schema_pair_dc/schema_dc
1847 # not the set of environments connected with ad_dc.
1848
1849 # This will show the replication state of ad_dc
1850 env = "schema_pair_dc"
1851 planoldpythontestsuite("%s:local" % env, "samba_tool_drs_showrepl",
1852 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1853 name="samba4.drs.samba_tool_drs_showrepl.python(%s)" % env,
1854 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1855 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1856
1857 for env in ['vampire_dc', 'promoted_dc']:
1858 planoldpythontestsuite("%s:local" % env, "replica_sync",
1859 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1860 name="samba4.drs.replica_sync.python(%s)" % env,
1861 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1862 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1863 planoldpythontestsuite(env, "delete_object",
1864 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1865 name="samba4.drs.delete_object.python(%s)" % env,
1866 environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
1867 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1868 planoldpythontestsuite(env, "fsmo",
1869 name="samba4.drs.fsmo.python(%s)" % env,
1870 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1871 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1872 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1873 planoldpythontestsuite(env, "repl_secdesc",
1874 name="samba4.drs.repl_secdesc.python(%s)" % env,
1875 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1876 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1877 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1878 planoldpythontestsuite(env, "repl_move",
1879 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1880 name="samba4.drs.repl_move.python(%s)" % env,
1881 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1882 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1883 planoldpythontestsuite(env, "getnc_unpriv",
1884 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1885 name="samba4.drs.getnc_unpriv.python(%s)" % env,
1886 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1887 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1888 planoldpythontestsuite(env, "linked_attributes_drs",
1889 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1890 name="samba4.drs.linked_attributes_drs.python(%s)" % env,
1891 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1892 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1893 planoldpythontestsuite(env, "link_conflicts",
1894 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1895 name="samba4.drs.link_conflicts.python(%s)" % env,
1896 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1897 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1898
1899 # Environment chgdcpass has the Samba 4.5 GET_ANC behaviour, which we
1900 # set a knownfail to expect
1901 for env in ['vampire_dc', 'promoted_dc', 'chgdcpass']:
1902 planoldpythontestsuite(env, "getnc_exop",
1903 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1904 name="samba4.drs.getnc_exop.python(%s)" % env,
1905 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1906 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1907
1908 for env in ['vampire_dc', 'promoted_dc', 'vampire_2000_dc']:
1909 planoldpythontestsuite(env, "repl_schema",
1910 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1911 name="samba4.drs.repl_schema.python(%s)" % env,
1912 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1913 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1914
1915 # A side-effect of the getncchanges tests is that they will create hundreds of
1916 # tombstone objects, so run them last to avoid interfering with (and slowing
1917 # down) the other DRS tests
1918 for env in ['vampire_dc', 'promoted_dc']:
1919 planoldpythontestsuite(env, "getncchanges",
1920 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1921 name="samba4.drs.getncchanges.python(%s)" % env,
1922 environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
1923 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1924
1925 for env in ['ad_dc_ntvfs']:
1926 planoldpythontestsuite(env, "repl_rodc",
1927 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1928 name="samba4.drs.repl_rodc.python(%s)" % env,
1929 environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
1930 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1931 planoldpythontestsuite(env, "cracknames",
1932 extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1933 name="samba4.drs.cracknames.python(%s)" % env,
1934 environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
1935 extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1936
1937 planoldpythontestsuite("chgdcpass:local", "samba.tests.blackbox.samba_dnsupdate",
1938 environ={'DNS_SERVER_IP': '$SERVER_IP'})
1939
1940 for env in ["s4member", "rodc", "promoted_dc", "ad_dc", "ad_member"]:
1941 plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env])
1942
1943 # Offline logon (ad_member)
1944 plantestsuite("samba.blackbox.offline_logon",
1945 "ad_member_offlogon",
1946 [os.path.join(bbdir, "test_offline_logon.sh"),
1947 '$DOMAIN',
1948 'alice', 'Secret007',
1949 'bob', 'Secret007',
1950 'jane', 'Secret007',
1951 'joe', 'Secret007'])
1952
1953 #
1954 # KDC Tests
1955 #
1956
1957 # This test is for users cached at the RODC
1958 plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD',
1959 '--workgroup=$DOMAIN', '--realm=$REALM',
1960 '--option=torture:krb5-upn=testdenied_upn@$REALM.upn',
1961 '--option=torture:expect_rodc=true'],
1962 "samba4.krb5.kdc with account DENIED permission to replicate to an RODC")
1963 plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", r'-Utestallowed\ account%$PASSWORD',
1964 '--workgroup=$DOMAIN', '--realm=$REALM',
1965 '--option=torture:expect_machine_account=true',
1966 r'--option=torture:krb5-upn=testallowed\ upn@$REALM',
1967 '--option=torture:krb5-hostname=testallowed',
1968 '--option=torture:expect_rodc=true',
1969 '--option=torture:expect_cached_at_rodc=true'],
1970 "samba4.krb5.kdc with account ALLOWED permission to replicate to an RODC")
1971
1972 # This ensures we have correct behaviour on a server that is not not the PDC emulator
1973 env = "promoted_dc"
1974 plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'],
1975 "samba4.krb5.kdc with specified account")
1976 plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestupnspn%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM',
1977 '--option=torture:expect_machine_account=true',
1978 '--option=torture:krb5-upn=http/testupnspn.$DNSNAME@$REALM',
1979 '--option=torture:krb5-hostname=testupnspn.$DNSNAME',
1980 '--option=torture:krb5-service=http'],
1981 "samba4.krb5.kdc with account having identical UPN and SPN")
1982 for env in ["fl2008r2dc", "fl2003dc"]:
1983 fast_support = have_fast_support
1984 if env in ["fl2003dc"]:
1985 fast_support = 0
1986 planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests",
1987 environ={
1988 **krb5_environ,
1989 'FAST_SUPPORT': fast_support,
1990 })
1991
1992 for env in ["ad_dc"]:
1993 fast_support = have_fast_support
1994 planoldpythontestsuite(env, "samba.tests.krb5.netlogon",
1995 environ={
1996 **krb5_environ,
1997 'FAST_SUPPORT': fast_support,
1998 'NETLOGON_STRONG_KEY_SUPPORT': '0',
1999 'NETLOGON_AUTH_KRB5_SUPPORT': '1',
2000 })
2001
2002 planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
2003 environ=krb5_environ)
2004
2005 for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
2006 if env == "rodc":
2007 # The machine account is cached at the RODC, as it is the local account
2008 extra_options = ['--option=torture:expect_rodc=true', '--option=torture:expect_cached_at_rodc=true']
2009 else:
2010 extra_options = []
2011
2012 plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-P',
2013 '--workgroup=$DOMAIN', '--realm=$REALM',
2014 '--option=torture:krb5-hostname=$SERVER',
2015 '--option=torture:run_removedollar_test=true',
2016 '--option=torture:expect_machine_account=true'] + extra_options,
2017 "samba4.krb5.kdc with machine account")
2018
2019 planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests",
2020 environ=krb5_environ)
2021 for env, fast_support in [("ad_dc", True),
2022 ("fl2003dc", False)]:
2023 planpythontestsuite(env, "samba.tests.krb5.compatability_tests",
2024 environ={
2025 **krb5_environ,
2026 'FAST_SUPPORT': int(have_fast_support and fast_support),
2027 })
2028 planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
2029 environ=krb5_environ)
2030 planpythontestsuite(
2031 "ad_dc",
2032 "samba.tests.krb5.kdc_tgs_tests",
2033 environ=krb5_environ)
2034 planpythontestsuite(
2035 "ad_dc",
2036 "samba.tests.krb5.fast_tests",
2037 environ=krb5_environ)
2038 planpythontestsuite(
2039 "ad_dc",
2040 "samba.tests.krb5.ms_kile_client_principal_lookup_tests",
2041 environ=krb5_environ)
2042 planpythontestsuite(
2043 "ad_dc",
2044 "samba.tests.krb5.spn_tests",
2045 environ=krb5_environ)
2046 planpythontestsuite(
2047 "ad_dc",
2048 "samba.tests.krb5.alias_tests",
2049 environ=krb5_environ)
2050 planoldpythontestsuite(
2051 'ad_dc',
2052 'samba.tests.krb5.pac_align_tests',
2053 environ=krb5_environ)
2054 planoldpythontestsuite(
2055 'ad_dc',
2056 'samba.tests.krb5.protected_users_tests',
2057 environ=krb5_environ)
2058 for env, nt_hash in [("ad_dc:local", True),
2059 ("ad_dc_no_ntlm:local", False)]:
2060 planoldpythontestsuite(
2061 env,
2062 'samba.tests.krb5.nt_hash_tests',
2063 environ={
2064 **krb5_environ,
2065 'EXPECT_NT_HASH': int(nt_hash),
2066 })
2067 planoldpythontestsuite(
2068 'ad_dc',
2069 'samba.tests.krb5.kpasswd_tests',
2070 environ=krb5_environ)
2071 planoldpythontestsuite(
2072 'ad_dc',
2073 'samba.tests.krb5.claims_tests',
2074 environ=krb5_environ)
2075 planoldpythontestsuite(
2076 'ad_dc',
2077 'samba.tests.krb5.device_tests',
2078 environ=krb5_environ)
2079 planoldpythontestsuite(
2080 'ad_dc:local',
2081 'samba.tests.krb5.lockout_tests',
2082 environ=krb5_environ)
2083 planoldpythontestsuite(
2084 'ad_dc',
2085 'samba.tests.krb5.group_tests',
2086 environ=krb5_environ)
2087 for env, forced_rc4 in [('ad_dc', False),
2088 ('promoted_dc', True)]:
2089 planoldpythontestsuite(
2090 env,
2091 'samba.tests.krb5.etype_tests',
2092 environ={
2093 **krb5_environ,
2094 'DC_SERVER': '$SERVER',
2095 'DC_SERVER_IP': '$SERVER_IP',
2096 'DC_SERVER_IPV6': '$SERVER_IPV6',
2097 'FORCED_RC4': int(forced_rc4),
2098 })
2099 planoldpythontestsuite(
2100 'ad_dc',
2101 'samba.tests.krb5.authn_policy_tests',
2102 environ=krb5_environ)
2103 planoldpythontestsuite(
2104 'ad_dc',
2105 'samba.tests.krb5.pkinit_tests',
2106 environ=krb5_environ)
2107 planoldpythontestsuite(
2108 'ad_dc',
2109 'samba.tests.krb5.conditional_ace_tests',
2110 environ=krb5_environ)
2111 planoldpythontestsuite(
2112 'ad_dc',
2113 'samba.tests.krb5.gkdi_tests',
2114 environ=krb5_environ)
2115 planoldpythontestsuite(
2116 'ad_dc:local',
2117 'samba.tests.krb5.gmsa_tests',
2118 environ=krb5_environ)
2119
2120 for env in [
2121 'vampire_dc',
2122 'promoted_dc']:
2123 planoldpythontestsuite(env, "samba.tests.kcc",
2124 name="samba.tests.kcc",
2125 environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME',
2126 'TEST_PASSWORD': '$PASSWORD',
2127 'TEST_ENV': env
2128 },
2129 extra_path=[os.path.join(srcdir(), "samba/python"), ])
2130 planpythontestsuite(env, "samba.tests.samba_tool.visualize_drs")
2131
2132 planpythontestsuite("ad_dc_default:local", "samba.tests.kcc.kcc_utils")
2133
2134 for env in ["simpleserver", "fileserver", "nt4_dc", "ad_dc",
2135 "ad_member", "offlinebackupdc", "restoredc", "renamedc", "labdc", 'schema_pair_dc']:
2136 planoldpythontestsuite(env, "netlogonsvc",
2137 extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
2138 name="samba.tests.netlogonsvc.python(%s)" % env)
2139
2140 for env in ["ktest", "ad_member", "ad_dc_no_ntlm"]:
2141 planoldpythontestsuite(env, "ntlmdisabled",
2142 extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
2143 name="samba.tests.ntlmdisabled.python(%s)" % env)
2144
2145 # Demote the vampire DC, it must be the last test each DC, before the dbcheck
2146 for env in ['vampire_dc', 'promoted_dc', 'rodc']:
2147 planoldpythontestsuite(env, "samba.tests.samba_tool.demote",
2148 name="samba.tests.samba_tool.demote",
2149 environ={
2150 'CONFIGFILE': '$PREFIX/%s/etc/smb.conf' % env
2151 },
2152 extra_args=['-U"$USERNAME%$PASSWORD"'],
2153 extra_path=[os.path.join(srcdir(), "samba/python")]
2154 )
2155 # TODO: Verifying the databases really should be a part of the
2156 # environment teardown.
2157 # check the databases are all OK. PLEASE LEAVE THIS AS THE LAST TEST
2158 for env in ["ad_dc", "fl2000dc", "fl2003dc", "fl2008r2dc",
2159 'vampire_dc', 'promoted_dc', 'backupfromdc', 'restoredc',
2160 'renamedc', 'offlinebackupdc', 'labdc']:
2161 plantestsuite("samba4.blackbox.dbcheck(%s)" % env, env + ":local", ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck.sh"), '$PREFIX/provision', configuration])
2162
2163 #
2164 # Tests to verify bug 13653 https://bugzilla.samba.org/show_bug.cgi?id=13653
2165 # ad_dc has an lmdb backend, ad_dc_ntvfs has a tdb backend.
2166 #
2167 planoldpythontestsuite("ad_dc_ntvfs:local",
2168 "samba.tests.blackbox.bug13653",
2169 extra_args=['-U"$USERNAME%$PASSWORD"'],
2170 environ={'TEST_ENV': 'ad_dc_ntvfs'})
2171 planoldpythontestsuite("ad_dc:local",
2172 "samba.tests.blackbox.bug13653",
2173 extra_args=['-U"$USERNAME%$PASSWORD"'],
2174 environ={'TEST_ENV': 'ad_dc'})
2175 # cmocka tests not requiring a specific environment
2176 #
2177 plantestsuite("samba4.dsdb.samdb.ldb_modules.unique_object_sids", "none",
2178 [os.path.join(bindir(), "test_unique_object_sids")])
2179 plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.tdb", "none",
2180 [os.path.join(bindir(), "test_encrypted_secrets_tdb")])
2181 plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb", "none",
2182 [os.path.join(bindir(), "test_encrypted_secrets_mdb")])
2183 plantestsuite("lib.audit_logging.audit_logging", "none",
2184 [os.path.join(bindir(), "audit_logging_test")])
2185 plantestsuite("lib.audit_logging.audit_logging.errors", "none",
2186 [os.path.join(bindir(), "audit_logging_error_test")])
2187 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_util", "none",
2188 [os.path.join(bindir(), "test_audit_util")])
2189 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log", "none",
2190 [os.path.join(bindir(), "test_audit_log")])
2191 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log.errors", "none",
2192 [os.path.join(bindir(), "test_audit_log_errors")])
2193 plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit", "none",
2194 [os.path.join(bindir(), "test_group_audit")])
2195 plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit.errors", "none",
2196 [os.path.join(bindir(), "test_group_audit_errors")])
2197 plantestsuite("samba4.dcerpc.dnsserver.dnsutils", "none",
2198 [os.path.join(bindir(), "test_rpc_dns_server_dnsutils")])
2199 plantestsuite("libcli.drsuapi.repl_decrypt", "none",
2200 [os.path.join(bindir(), "test_repl_decrypt")])
2201 plantestsuite("librpc.ndr.ndr_string", "none",
2202 [os.path.join(bindir(), "test_ndr_string")])
2203 plantestsuite("librpc.ndr.ndr", "none",
2204 [os.path.join(bindir(), "test_ndr")])
2205 plantestsuite("librpc.ndr.ndr_macros", "none",
2206 [os.path.join(bindir(), "test_ndr_macros")])
2207 plantestsuite("librpc.ndr.ndr_dns_nbt", "none",
2208 [os.path.join(bindir(), "test_ndr_dns_nbt")])
2209 plantestsuite("librpc.ndr.test_ndr_gmsa", "none",
2210 [os.path.join(bindir(), "test_ndr_gmsa")])
2211 plantestsuite("libcli.ldap.ldap_message", "none",
2212 [os.path.join(bindir(), "test_ldap_message")])
2213
2214 # process restart and limit tests, these break the environment so need to run
2215 # in their own specific environment
2216 planoldpythontestsuite("preforkrestartdc:local",
2217 "samba.tests.prefork_restart",
2218 extra_path=[
2219 os.path.join(srcdir(), 'python/samba/tests')],
2220 extra_args=['-U"$USERNAME%$PASSWORD"'],
2221 name="samba.tests.prefork_restart")
2222 planoldpythontestsuite("preforkrestartdc:local",
2223 "samba.tests.blackbox.smbcontrol_process",
2224 extra_path=[
2225 os.path.join(srcdir(), 'python/samba/tests')],
2226 extra_args=['-U"$USERNAME%$PASSWORD"'],
2227 name="samba.tests.blackbox.smbcontrol_process")
2228 planoldpythontestsuite("proclimitdc",
2229 "samba.tests.process_limits",
2230 extra_path=[
2231 os.path.join(srcdir(), 'python/samba/tests')],
2232 extra_args=['-U"$USERNAME%$PASSWORD"'],
2233 name="samba.tests.process_limits")
2234
2235 planoldpythontestsuite("none", "samba.tests.usage")
2236 planpythontestsuite("fileserver", "samba.tests.dcerpc.mdssvc")
2237 planoldpythontestsuite("none", "samba.tests.compression")
2238 planpythontestsuite("none", "samba.tests.security_descriptors")
2239
2240 if have_cluster_support:
2241 cluster_environ = {
2242 "SERVER_HOSTNAME": "$NETBIOSNAME",
2243 "INTERFACE_GROUP_NAME": "$NETBIOSNAME.$REALM",
2244 "CLUSTER_SHARE": "registry_share",
2245 "USERNAME": "$DC_USERNAME",
2246 "PASSWORD": "$DC_PASSWORD",
2247 }
2248 planpythontestsuite("clusteredmember:local",
2249 "samba.tests.blackbox.rpcd_witness_samba_only",
2250 environ=cluster_environ)
GSS-enabled samba4