diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /selftest | |
parent | Initial commit. (diff) | |
download | samba-upstream.tar.xz samba-upstream.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
230 files changed, 25301 insertions, 0 deletions
diff --git a/selftest/README b/selftest/README new file mode 100644 index 0000000..c898c3c --- /dev/null +++ b/selftest/README @@ -0,0 +1,120 @@ +# vim: ft=rst + +This directory contains test scripts that are useful for running a +bunch of tests all at once. + +There are two parts to this: + + * The test runner (selftest/selftest.pl) + * The test formatter + +selftest.pl simply outputs subunit, which can then be formatted or analyzed +by tools that understand the subunit protocol. One of these tools is +format-subunit, which is used by default as part of "make test". + +Available testsuites +==================== +The available testsuites are obtained from a script, usually +source{3,4}/selftest/tests.py. This script should for each testsuite output +the name of the test, the command to run and the environment that should be +provided. Use the included "plantest" function to generate the required output. + +Testsuite behaviour +=================== + +Exit code +------------ +The testsuites should exit with a non-zero exit code if at least one +test failed. Skipped tests should not influence the exit code. + +Output format +------------- +Testsuites can simply use the exit code to indicate whether all of their +tests have succeeded or one or more have failed. It is also possible to +provide more granular information using the Subunit protocol. + +This protocol works by writing simple messages to standard output. Any +messages that can not be interpreted by this protocol are considered comments +for the last announced test. + +For a full description of the subunit protocol, see the README file in the subunit +repository at http://github.com/testing-cabal/subunit. + +The following commands are Samba extensions to Subunit: + +start-testsuite +~~~~~~~~~~~~~~~ +start-testsuite: name + +The testsuite name is used as prefix for all containing tests. + +skip-testsuite +~~~~~~~~~~~~~~ +skip-testsuite: name + +Mark the testsuite with the specified name as skipped. + +testsuite-success +~~~~~~~~~~~~~~~~~ +testsuite-success: name + +Indicate that the testsuite has succeeded successfully. + +testsuite-fail +~~~~~~~~~~~~~~ +testsuite-fail: name + +Indicate that a testsuite has failed. + +Environments +============ +Tests often need to run against a server with particular things set up, +a "environment". This environment is provided by the test "target": Samba 3, +Samba 4 or Windows. + +The environments are currently available include + + - none: No server set up, no variables set. + - dc,s3dc: Domain controller set up. The following environment variables will + be set: + + * USERNAME: Administrator user name + * PASSWORD: Administrator password + * DOMAIN: Domain name + * REALM: Realm name + * SERVER: DC host name + * SERVER_IP: DC IPv4 address + * SERVER_IPV6: DC IPv6 address + * NETBIOSNAME: DC NetBIOS name + * NETIOSALIAS: DC NetBIOS alias + + - member,s4member,s3member: Domain controller and member server that is joined to it set up. The + following environment variables will be set: + + * USERNAME: Domain administrator user name + * PASSWORD: Domain administrator password + * DOMAIN: Domain name + * REALM: Realm name + * SERVER: Name of the member server + +See Samba.pm, Samba3.pm and Samba4.pm for the full list. + +Running tests +============= + +To run all the tests use:: + + make test + +To run a quicker subset run:: + + make quicktest + +To run a specific test, use this syntax:: + + make test TESTS=testname + +for example:: + + make test TESTS=samba4.BASE-DELETE + diff --git a/selftest/SocketWrapper.pm b/selftest/SocketWrapper.pm new file mode 100644 index 0000000..67a4ec9 --- /dev/null +++ b/selftest/SocketWrapper.pm @@ -0,0 +1,81 @@ +#!/usr/bin/perl +# Bootstrap Samba and run a number of tests against it. +# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org> + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + + +package SocketWrapper; + +use Exporter; +@ISA = qw(Exporter); +@EXPORT_OK = qw(setup_dir setup_pcap set_default_iface); + +use strict; +use warnings; +use FindBin qw($RealBin); + +sub setup_dir($$) +{ + my ($dir, $pcap) = @_; + my $pcap_dir = undef; + + if (defined($dir)) { + if ( -d $dir ) { + unlink <$dir/*>; + } else { + mkdir($dir, 0777); + } + + if ($pcap) { + $pcap_dir = $dir."/pcap"; + + if ( -d $pcap_dir ) { + unlink <$pcap_dir/*>; + } else { + mkdir($pcap_dir, 0777); + } + } + } + + if (defined($pcap_dir)) { + $ENV{SOCKET_WRAPPER_PCAP_DIR} = $pcap_dir; + } else { + delete $ENV{SOCKET_WRAPPER_PCAP_DIR}; + } + + if (defined($dir)) { + $ENV{SOCKET_WRAPPER_DIR} = $dir; + } else { + delete $ENV{SOCKET_WRAPPER_DIR}; + } + + return $dir; +} + +sub setup_pcap($) +{ + my ($pcap_file) = @_; + + $ENV{SOCKET_WRAPPER_PCAP_FILE} = $pcap_file; +} + +sub set_default_iface($) +{ + my ($i) = @_; + $ENV{SOCKET_WRAPPER_DEFAULT_IFACE} = $i; +} + +1; diff --git a/selftest/Subunit.pm b/selftest/Subunit.pm new file mode 100644 index 0000000..07f3ac2 --- /dev/null +++ b/selftest/Subunit.pm @@ -0,0 +1,114 @@ +# Perl module for parsing and generating the Subunit protocol +# Copyright (C) 2008-2009 Jelmer Vernooij <jelmer@samba.org> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +package Subunit; +use POSIX; +use Time::HiRes; + +require Exporter; +@ISA = qw(Exporter); + +use strict; +use warnings; + +sub start_test($) +{ + my ($testname) = @_; + print "test: $testname\n"; +} + +sub end_test($$;$) +{ + my $name = shift; + my $result = shift; + my $reason = shift; + if ($reason) { + print "$result: $name [\n"; + print $reason; + if (substr($reason, -1, 1) ne "\n") { print "\n"; } + print "]\n"; + } else { + print "$result: $name\n"; + } +} + +sub report_time() +{ + my ($time) = @_; + $time = Time::HiRes::time() unless (defined($time)); + my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = gmtime($time); + $sec = ($time - int($time) + $sec); + my $msg = sprintf("%f", $sec); + if (substr($msg, 1, 1) eq ".") { + $msg = "0" . $msg; + } + printf "time: %04d-%02d-%02d %02d:%02d:%s\n", $year+1900, $mon+1, $mday, $hour, $min, $msg; +} + +sub progress_pop() +{ + print "progress: pop\n"; +} + +sub progress_push() +{ + print "progress: push\n"; +} + +sub progress($;$) +{ + my ($count, $whence) = @_; + + unless(defined($whence)) { + $whence = ""; + } + + print "progress: $whence$count\n"; +} + +# The following are Samba extensions: + +sub start_testsuite($) +{ + my ($name) = @_; + print "testsuite: $name\n"; +} + +sub skip_testsuite($;$) +{ + my ($name, $reason) = @_; + if ($reason) { + print "skip-testsuite: $name [\n$reason\n]\n"; + } else { + print "skip-testsuite: $name\n"; + } +} + +sub end_testsuite($$;$) +{ + my $name = shift; + my $result = shift; + my $reason = shift; + if ($reason) { + print "testsuite-$result: $name [\n"; + print "$reason\n"; + print "]\n"; + } else { + print "testsuite-$result: $name\n"; + } +} + +1; diff --git a/selftest/TODO b/selftest/TODO new file mode 100644 index 0000000..67776ff --- /dev/null +++ b/selftest/TODO @@ -0,0 +1,2 @@ +- warn about unexpected successes +- better way to detect that smbd has finished initialization diff --git a/selftest/checkpassword_arg1.sh b/selftest/checkpassword_arg1.sh new file mode 100755 index 0000000..ecaeb2e --- /dev/null +++ b/selftest/checkpassword_arg1.sh @@ -0,0 +1,21 @@ +#!/bin/sh +# + +set -e +set -u + +ACCOUNT_NAME="${SAMBA_CPS_ACCOUNT_NAME}" +INVALIDPW="$1" +NEWPW=$(cat -) + +echo -n "${NEWPW}" | grep -q "^${INVALIDPW}\$" && { + echo "Found invalid password" >&1 + exit 1 +} + +echo -n "${NEWPW}" | grep -q "^${ACCOUNT_NAME}\$" && { + echo "Password includes ACCOUNT_NAME" >&1 + exit 1 +} + +exit 0 diff --git a/selftest/create_smb1_fail_skipfile.txt b/selftest/create_smb1_fail_skipfile.txt new file mode 100644 index 0000000..aea772f --- /dev/null +++ b/selftest/create_smb1_fail_skipfile.txt @@ -0,0 +1,190 @@ +From a85b0a942ef07b6188255b2fee2fc379e9310409 Mon Sep 17 00:00:00 2001 +From: Noel Power <noel.power@suse.com> +Date: Fri, 27 Sep 2019 15:24:25 +0100 +Subject: [PATCH] selftest: Generate a list of skip entries for SMB1 + +The following changes prepare the test system so we can generate +the list of tests that fail when SMB1 can no longer be negotiated + +1. +Change the values of 'min protocol' set for the various test +environments to be SMB2_02. + +Servers will only offer protocols starting with the min specified in the +conf files, we don't need to change the client value here yet (until SMB1 is +truely gone) + +2. +The following environments will still negotiate SMB1 + ad_dc_ntvfs, rpc_proxy & s4member + +3. +Make test wont stop on first error + +Once this patch is applied either +a. Commit to gitlab or +b. Run a private autobuild + +For the failing test jobs gather the stdout logs and run the parser + + source4/scripting/devel/test_errors_regrex.py logfile + +over the output. This script will generate lines suitable for a +skipfile. + +It is a good idea as a final step to say create a file e.g. + + selftest/skip_smb1_fails + +and then exclude those tests, running CI with patch similar to wscript +below will verify that the list of tests is complete. + +--- a/selftest/wscript ++++ b/selftest/wscript +@@ -179,6 +179,9 @@ def cmd_testonly(opt): + else: + env.FILTER_OPTIONS = '${FILTER_XFAIL}' + ++ # Maybe this should be optional ++ env.OPTIONS += ' --exclude=${srcdir}/selftest/skip_smb1_fails' ++ +--- + script/autobuild.py | 2 +- + selftest/target/Samba3.pm | 4 +-- + selftest/target/Samba4.pm | 14 ++++++-- + source4/scripting/devel/test_errors_regrex.py | 49 +++++++++++++++++++++++++++ + 4 files changed, 63 insertions(+), 6 deletions(-) + create mode 100755 source4/scripting/devel/test_errors_regrex.py + +diff --git a/script/autobuild.py b/script/autobuild.py +index 85167cfa993..5bf087f652c 100755 +--- a/script/autobuild.py ++++ b/script/autobuild.py +@@ -184,7 +184,7 @@ def format_option(name, value=None): + + def make_test( + cmd='make test', +- FAIL_IMMEDIATELY=1, ++ FAIL_IMMEDIATELY=0, + TESTS='', + include_envs=None, + exclude_envs=None): +diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm +index 41d439ea91a..ca14f86e0a4 100755 +--- a/selftest/target/Samba3.pm ++++ b/selftest/target/Samba3.pm +@@ -1708,8 +1708,8 @@ sub provision($$$$$$$$$) + panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY) + smbd:suicide mode = yes + +- client min protocol = CORE +- server min protocol = LANMAN1 ++ client min protocol = SMB2_02 ++ server min protocol = SMB2_02 + + workgroup = $domain + +diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm +index 1310e2ff09f..dd7fc807703 100755 +--- a/selftest/target/Samba4.pm ++++ b/selftest/target/Samba4.pm +@@ -713,8 +713,8 @@ sub provision_raw_step1($$) + log level = $ctx->{server_loglevel} + lanman auth = Yes + ntlm auth = Yes +- client min protocol = CORE +- server min protocol = LANMAN1 ++ client min protocol = SMB2_02 ++ server min protocol = SMB2_02 + mangled names = yes + dns update command = $ctx->{samba_dnsupdate} + spn update command = $ctx->{python} $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf} +@@ -1188,6 +1188,9 @@ rpc_server:winreg = embedded + rpc_server:spoolss = embedded + rpc_daemon:spoolssd = embedded + rpc_server:tcpip = no ++ # override the new SMB2 only default ++ client min protocol = CORE ++ server min protocol = LANMAN1 + "; + if ($more_conf) { + $extra_smb_conf = $extra_smb_conf . $more_conf . "\n"; +@@ -1238,7 +1241,9 @@ sub provision_rpc_proxy($$$) + dcerpc endpoint servers = epmapper, remote + dcerpc_remote:interfaces = rpcecho + dcerpc_remote:allow_anonymous_fallback = yes +- ++ # override the new SMB2 only default ++ client min protocol = CORE ++ server min protocol = LANMAN1 + [cifs_to_dc] + path = /tmp/_ignore_cifs_to_dc_/_none_ + read only = no +@@ -1470,6 +1475,9 @@ sub provision_ad_dc_ntvfs($$$) + dsdb password event notification = true + dsdb group change notification = true + server schannel = auto ++ # override the new SMB2 only default ++ client min protocol = CORE ++ server min protocol = LANMAN1 + "; + push (@{$extra_provision_options}, "--use-ntvfs"); + my $ret = $self->provision($prefix, +diff --git a/source4/scripting/devel/test_errors_regrex.py b/source4/scripting/devel/test_errors_regrex.py +new file mode 100755 +index 00000000000..eedfdbb6c35 +--- /dev/null ++++ b/source4/scripting/devel/test_errors_regrex.py +@@ -0,0 +1,49 @@ ++#!/usr/bin/env python3 ++# ++# Simple script to parse make test stdout results ++# to find the tests that are in error, the scrip ++# then creates a line for each error suitable for ++# putting into a skip file. ++# This scripts intended use is in SMB1 to SMB2 test ++# porting where it can be used to parse for failing ++# scripts in the case where the test envs are set ++# to not negotiate SMB1 ++# ++import sys ++import re ++import os ++ ++def parse_errors(infile): ++ all_tests = [] ++ error_tests = [] ++ # get all test lines ++ last_err = "" ++ for line in infile: ++ line = line.rstrip(os.linesep) ++ if re.match("^\[.* at .*\]", line): ++ test_info = line.split(',') ++ if len(test_info) > 1: ++ err = test_info[1].split()[0] ++ if err != last_err: ++ error_tests.append(all_tests[-1]) ++ last_err = err ++ all_tests.append(line.split(']',1)[1].lstrip()) ++ return error_tests ++ ++def main(): ++ if len(sys.argv) < 2: ++ print ("no args passed") ++ sys.exit(1) ++ print ("processing %s" % sys.argv[1]) ++ inputf = sys.argv[1] ++ f = open(inputf, "r") ++ failing_tests = parse_errors(f) ++ f.close() ++ for t in failing_tests: ++ # adust t fo regex ++ t = t.replace('(', '\\(').replace(')', '\\)') ++ t = t.replace('[', '\\[').replace(']', '\\]') ++ t = "^" + t ++ print("%s" % t) ++if __name__ == '__main__': ++ main() +-- +2.16.4 + diff --git a/selftest/devel_env.sh b/selftest/devel_env.sh new file mode 100644 index 0000000..d1c0736 --- /dev/null +++ b/selftest/devel_env.sh @@ -0,0 +1,11 @@ +# This file can be sourced using +# +# source selftest/devel_env.sh +# +# So that you can run 'make test' on your box with better +# debugging and without syncs slowing down the tests. +# +export TDB_NO_FSYNC=1 +export NMBD_DONT_LOG_STDOUT=1 +export SMBD_DONT_LOG_STDOUT=1 +export WINBINDD_DONT_LOG_STDOUT=1 diff --git a/selftest/filter-subunit b/selftest/filter-subunit new file mode 100755 index 0000000..99e1c41 --- /dev/null +++ b/selftest/filter-subunit @@ -0,0 +1,115 @@ +#!/usr/bin/env python3 +# Filter a subunit stream +# Copyright (C) 2009-2011 Jelmer Vernooij <jelmer@samba.org> + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# NOTE: This script is a hack, meant as a placeholder until we can migrate +# to upstream subunit's filtering tools. + +import optparse +import sys +import signal + +sys.path.insert(0, "bin/python") + +import subunithelper + +parser = optparse.OptionParser("filter-subunit [options] < instream > outstream") +parser.add_option("--expected-failures", type="string", action="append", + help=("File or directory containing lists of regexes matching tests " + "to consider known failures")) +parser.add_option("--flapping", type="string", action="append", + help=("File or directory containing lists of flapping tests, " + "of which to ignore results.")) +parser.add_option("--strip-passed-output", action="store_true", + help="Whether to strip output from tests that passed") +parser.add_option("--fail-immediately", action="store_true", + help="Whether to stop on the first error", default=False) +parser.add_option("--prefix", type="string", default='', + help="Add prefix to all test names") +parser.add_option("--suffix", type="string", default='', + help="Add suffix to all test names") +parser.add_option("--fail-on-empty", default=False, + action="store_true", help="Fail if there was no subunit output") +parser.add_option("--list", default=False, + action="store_true", help="Operate in list mode") +parser.add_option("--perf-test-output", default=False, + action="store_true", help="orientate output for performance measurement") +opts, args = parser.parse_args() + +if opts.list: + for l in sys.stdin: + sys.stdout.write("%s%s%s\n" % (opts.prefix, l.rstrip(), opts.suffix)) + sys.exit(0) + +if opts.perf_test_output: + bad_options = [] + for bad_opt in ('fail_immediately', 'strip_passed_output', + 'flapping', 'expected_failures'): + if getattr(opts, bad_opt): + bad_options.append(bad_opt) + if bad_options: + print("--perf-test-output is incompatible with --%s" % + (', --'.join(x.replace('_', '-') for x in bad_options)), + file=sys.stderr) + sys.exit(1) + +if opts.expected_failures: + expected_failures = subunithelper.read_test_regexes(*opts.expected_failures) +else: + expected_failures = {} + + +if opts.flapping: + flapping = subunithelper.read_test_regexes(*opts.flapping) +else: + flapping = {} + +statistics = { + 'TESTS_UNEXPECTED_OK': 0, + 'TESTS_EXPECTED_OK': 0, + 'TESTS_UNEXPECTED_FAIL': 0, + 'TESTS_EXPECTED_FAIL': 0, + 'TESTS_ERROR': 0, + 'TESTS_SKIP': 0, +} + +def handle_sigint(sig, stack): + sys.exit(0) +signal.signal(signal.SIGINT, handle_sigint) + +out = subunithelper.SubunitOps(sys.stdout) + +if opts.perf_test_output: + msg_ops = subunithelper.PerfFilterOps(out, opts.prefix, opts.suffix) +else: + msg_ops = subunithelper.FilterOps(out, opts.prefix, opts.suffix, + expected_failures, + opts.strip_passed_output, + fail_immediately=opts.fail_immediately, + flapping=flapping) + +try: + from io import TextIOWrapper as TextIOWrapper + forgiving_stdin = TextIOWrapper(sys.stdin.buffer, errors='ignore', encoding='utf-8') + ret = subunithelper.parse_results(msg_ops, statistics, forgiving_stdin) +except subunithelper.ImmediateFail: + sys.stdout.flush() + sys.exit(1) + +if opts.fail_on_empty and not msg_ops.seen_output: + sys.exit(1) +else: + sys.exit(ret) diff --git a/selftest/flapping b/selftest/flapping new file mode 100644 index 0000000..8c3f9e8 --- /dev/null +++ b/selftest/flapping @@ -0,0 +1,35 @@ +# This file contains a list of regular expressions matching the names of +# tests that are flapping. In other words, they sometimes succeed and +# sometimes fail, depending on external factors. +# +# "make test" will not report failures or successes for tests listed here. +# +# DO NOT ADD TESTS HERE UNLESS THEY ARE ACTUALLY FLAPPING +# +# It is much better to add known failing tests to 'knownfail', so the +# test system can warn when they actually start passing. +^samba3.raw.mux.* #This test is flaky on the async lock time +^samba3.smbtorture_s3.*OPLOCK4 # fails sometimes on sn-devel +^samba4.nbt.winsreplication.owned # fails sometimes, timing related +^samba3.rpc.spoolss.*printserver.enum_printers_old # fails on some hosts due to timing issues ? +^samba3.rpc.spoolss.printer.*addprinterex.print_test # another intermittent failure +^samba3.rap.printing # fails sometimes on sn-devel +^samba3.rpc.spoolss.printer.*addprinter.print_test # fails on some hosts due to timing issues ? +^samba3.rpc.spoolss.printer.addprinter.print_job_enum # fails on some hosts due to bug 10930 +^samba3.rpc.spoolss.printer.addprinterex.print_job_enum # fails on some hosts due to bug 10930 +^samba3.rpc.lsa.privileges.lsa.Privileges\(nt4_dc\) # fails sometimes on sn-devel +^samba4.blackbox.gentest # is flakey due to timing +^samba3.smb2.acls.INHERITANCE\(ad_dc\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16 +^samba3.smb2.acls.DYNAMIC\(ad_dc\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16 +^samba3.raw.acls.dynamic\(ad_dc\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16 +^samba3.raw.acls.inheritance\(ad_dc\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16 +^samba3.raw.samba3checkfsp.samba3checkfsp\(ad_dc_smb1\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16 +^samba3.raw.samba3closeerr.samba3closeerr\(ad_dc_smb1\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16 +^samba4.smb2.create.mkdir-dup\(ad_dc_ntvfs\) # This test (for bug 11486) involves a race, not always protected against in the NTVFS file server +^samba4.winbind.struct.domain_info.ad_member # flakey on sn-devel-104 and sn-devel-144 +# +# This test just is not reliable in finding the max search limit +# +^samba4.ldap.notification.python\(.*\).__main__.LDAPNotificationTest.test_max_search +^samba3.blackbox.smbclient_s3.*.sending a message to the remote server # flakey on sn-devel-104 and sn-devel-144 +^samba3.blackbox.smbclient_s3.*.creating a good symlink and deleting it by path # flakey on sn-devel-104 and sn-devel-144 diff --git a/selftest/flapping.d/README b/selftest/flapping.d/README new file mode 100644 index 0000000..cf32da2 --- /dev/null +++ b/selftest/flapping.d/README @@ -0,0 +1,14 @@ +# Files in this directory contain lists of regular expressions +# matching the names of tests that are that are flapping. In other +# words, they sometimes succeed and sometimes fail, depending on +# external factors. +# +# "make test" will not report failures or successes for tests listed here. +# +# DO NOT ADD TESTS HERE UNLESS THEY ARE ACTUALLY FLAPPING +# +# It is much better to add known failing tests to 'knownfail', so the +# test system can warn when they actually start passing. +# +# Empty lines and lines beginning with '#' are ignored. +# Please don't add tests to this README! diff --git a/selftest/flapping.d/dnsserver b/selftest/flapping.d/dnsserver new file mode 100644 index 0000000..9b33e85 --- /dev/null +++ b/selftest/flapping.d/dnsserver @@ -0,0 +1,2 @@ +# This is not stable in samba due to a bug +^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_enum_is_sorted_children
\ No newline at end of file diff --git a/selftest/flapping.d/getdcname b/selftest/flapping.d/getdcname new file mode 100644 index 0000000..4c12e75 --- /dev/null +++ b/selftest/flapping.d/getdcname @@ -0,0 +1,2 @@ +# winbind appears to return inconsistent answers (depending on whether or not it uses NETBIOS queries or not) +^samba.tests.getdcname.samba.tests.getdcname.GetDCNameEx.test_get_dc_over_winbind_with_site_netbios.fl2008r2dc:local.* diff --git a/selftest/flapping.d/nbt_dgram b/selftest/flapping.d/nbt_dgram new file mode 100644 index 0000000..bb35a7d --- /dev/null +++ b/selftest/flapping.d/nbt_dgram @@ -0,0 +1,9 @@ +# following SMB1/SMB2 test env split it seems this test +# fails randomly however it doesn't seem to be directly +# related to the changes (e.g. not protocl negotiation +# specific) Best guess is the order of test having being +# changed (as a result of test moving env) or some other +# strange env related side affect is causing this. +^samba3.nbt.dgram.ntlogon\(ad_dc\) +^samba3.nbt.dgram.netlogon\(ad_dc\) +^samba3.nbt.dgram.netlogon2\(ad_dc\) diff --git a/selftest/flapping.d/rfc2307 b/selftest/flapping.d/rfc2307 new file mode 100644 index 0000000..2e37edc --- /dev/null +++ b/selftest/flapping.d/rfc2307 @@ -0,0 +1 @@ +^idmap.rfc2307.Testing for expected group memberships diff --git a/selftest/flapping.d/samba_tool_drs_showrepl b/selftest/flapping.d/samba_tool_drs_showrepl new file mode 100644 index 0000000..eff8433 --- /dev/null +++ b/selftest/flapping.d/samba_tool_drs_showrepl @@ -0,0 +1 @@ +.+samba_tool_drs_showrepl.SambaToolDrsShowReplTests.test_samba_tool_showrepl_pull_summary_all_good diff --git a/selftest/flapping.d/smb2_notify b/selftest/flapping.d/smb2_notify new file mode 100644 index 0000000..7ff17f1 --- /dev/null +++ b/selftest/flapping.d/smb2_notify @@ -0,0 +1,2 @@ +# Added to flapping at Metze's request. He plans to follow this up soon +^samba3.smb2.notify.valid-req\( diff --git a/selftest/flapping.d/wbinfo b/selftest/flapping.d/wbinfo new file mode 100644 index 0000000..8ccf2cb --- /dev/null +++ b/selftest/flapping.d/wbinfo @@ -0,0 +1 @@ +^samba.blackbox.wbinfo\(ad_member:local\).confirm diff --git a/selftest/flapping.d/whoami b/selftest/flapping.d/whoami new file mode 100644 index 0000000..82f6356 --- /dev/null +++ b/selftest/flapping.d/whoami @@ -0,0 +1 @@ +^samba3.unix.whoami machine account.whoami\(nt4_member:local\) diff --git a/selftest/format-subunit b/selftest/format-subunit new file mode 100755 index 0000000..b27513a --- /dev/null +++ b/selftest/format-subunit @@ -0,0 +1,52 @@ +#!/usr/bin/env python3 +# vim: expandtab +# Pretty-format subunit output +# Copyright (C) 2008-2010 Jelmer Vernooij <jelmer@samba.org> +# Published under the GNU GPL, v3 or later + +import optparse +import os +import signal +import sys + +sys.path.insert(0, "bin/python") + +import subunithelper + +parser = optparse.OptionParser("format-subunit [options]") +parser.add_option("--verbose", action="store_true", + help="Be verbose") +parser.add_option("--immediate", action="store_true", + help="Show failures immediately, don't wait until test run has finished") +parser.add_option("--prefix", type="string", default=".", + help="Prefix to write summary to") + +opts, args = parser.parse_args() + +def handle_sigint(sig, stack): + sys.exit(0) + +signal.signal(signal.SIGINT, handle_sigint) + +statistics = { + 'SUITES_FAIL': 0, + 'TESTS_UNEXPECTED_OK': 0, + 'TESTS_EXPECTED_OK': 0, + 'TESTS_UNEXPECTED_FAIL': 0, + 'TESTS_EXPECTED_FAIL': 0, + 'TESTS_ERROR': 0, + 'TESTS_SKIP': 0, +} + +msg_ops = subunithelper.PlainFormatter(opts.verbose, opts.immediate, statistics) + +expected_ret = subunithelper.parse_results(msg_ops, statistics, sys.stdin) + +summaryfile = os.path.join(opts.prefix, "summary") + +msg_ops.write_summary(summaryfile) + +print("\nA summary with detailed information can be found in:") +print(" %s" % summaryfile) + +sys.exit(expected_ret) diff --git a/selftest/format-subunit-json b/selftest/format-subunit-json new file mode 100644 index 0000000..d9d912c --- /dev/null +++ b/selftest/format-subunit-json @@ -0,0 +1,52 @@ +#!/usr/bin/env python3 +# Copyright (C) 2008-2010 Jelmer Vernooij <jelmer@samba.org> +# Copyright (C) 2016 Douglas Bagnall <douglas.bagnall@catalyst.net.nz> +# Published under the GNU GPL, v3 or later +import optparse +import os +import signal +import sys +import json + +sys.path.insert(0, "bin/python") + + +def json_formatter(src_f, dest_f): + """We're not even pretending to be a TestResult subclass; just read + from stdin and look for elapsed-time tags.""" + results = {} + + for line in src_f: + line = line.strip() + if line[:14] == 'elapsed-time: ': + name, time = line[14:].rsplit(':', 1) + results[name] = float(time) + + json.dump(results, dest_f, + sort_keys=True, indent=2, separators=(',', ': ')) + + +def main(): + parser = optparse.OptionParser("format-subunit-json [options]") + parser.add_option("--verbose", action="store_true", + help="ignored, for compatibility") + parser.add_option("--immediate", action="store_true", + help="ignored, for compatibility") + parser.add_option("--prefix", type="string", default=".", + help="Prefix to write summary.json to") + opts, args = parser.parse_args() + + fn = os.path.join(opts.prefix, "summary.json") + f = open(fn, 'w') + json_formatter(sys.stdin, f) + f.close() + print() + print("A JSON file summarising these tests performance found in:") + print(" ", fn) + + +def handle_sigint(sig, stack): + sys.exit(0) + +signal.signal(signal.SIGINT, handle_sigint) +main() diff --git a/selftest/gdb_backtrace b/selftest/gdb_backtrace new file mode 100755 index 0000000..ec2396a --- /dev/null +++ b/selftest/gdb_backtrace @@ -0,0 +1,145 @@ +#!/bin/sh + +BASENAME=$(basename $0) + +unset LD_PRELOAD + +if [ -n "$VALGRIND" -o -n "$SMBD_VALGRIND" ]; then + echo "${BASENAME}: Not running debugger under valgrind" + exit 1 +fi + +if [ "x$PLEASE_NO_GDB_BACKTRACE" != "x" ]; then + echo "${BASENAME}: Not running debugger because PLEASE_NO_GDB_BACKTRACE is set" + exit 0 +fi + +# we want everything on stderr, so the program is not disturbed +exec 1>&2 + +UNAME=$(uname) + +PID=$1 +BINARY=$2 + +test x"${PID}" = x"" && { + echo "Usage: ${BASENAME} <pid> [<binary>]" + exit 1 +} + +DB_LIST="gdb" +case "${UNAME}" in +# +# on Tru64 we need to try ladebug first +# because gdb crashes itself... +# +OSF1) + DB_LIST="ladebug ${DB_LIST}" + ;; +# +# On solaris dbx is working way more better than gdb +# let's try it first +# +SunOS) + DB_LIST="dbx ${DB_LIST}" + ;; +# +# FreeBSD comes with a flavor that works gdb66 and one that don't gdb +# (gdb 6.1) let's try it first the one that works ! +# +FreeBSD) + DB_LIST="gdb66 ${DB_LIST}" + ;; +esac + +for DB in ${DB_LIST}; do + DB_BIN=$(which ${DB} 2>/dev/null | grep '^/') + test x"${DB_BIN}" != x"" && { + break + } +done + +test x"${DB_BIN}" = x"" && { + echo "${BASENAME}: ERROR: No debugger found." + exit 1 +} + +need_binary="no" +case "${DB}" in +# These debuggers need the process binary specified: +ladebug) + need_binary="yes" + ;; +gdb66) + need_binary="yes" + ;; +dbx) + need_binary="yes" + ;; +esac + +test x"${need_binary}" = x"yes" && { + + # we first try to use /proc/${PID}/exe or /proc/{$PID}/path for solaris + # then fallback to the binary from the commandline + # then we search for the commandline argument with + # 'which' + # + test -f "/proc/${PID}/exe" && BINARY="/proc/${PID}/exe" + test -f "/proc/${PID}/path/a.out" && BINARY=$(ls -l /proc/${PID}/path/a.out | sed 's/.*-> //') + test x"${BINARY}" = x"" && BINARY="/proc/${PID}/exe" + test -f "${BINARY}" || BINARY=$(which ${BINARY}) + + test -f "${BINARY}" || { + echo "${BASENAME}: ERROR: Cannot find binary '${BINARY}'." + exit 1 + } +} + +BATCHFILE_PRE=$(mktemp --tmpdir gdb_backtrace_pre.XXXXXXXXXX) +test -n "${BATCHFILE_PRE}" || { + echo "mktemp doesn't work" 1>&2 + exit 1 +} +BATCHFILE_MAIN=$(mktemp --tmpdir gdb_backtrace_main.XXXXXXXXXX) +test -n "${BATCHFILE_MAIN}" || { + echo "mktemp doesn't work" 1>&2 + exit 1 +} +case "${DB}" in +ladebug) + cat <<EOF >${BATCHFILE_PRE} +set \$stoponattach +EOF + + cat <<EOF >${BATCHFILE_MAIN} +where +quit +EOF + ${DB_BIN} -c "${BATCHFILE_MAIN}" -i "${BATCHFILE_PRE}" -pid "${PID}" "${BINARY}" + ;; +gdb66) + cat <<EOF >${BATCHFILE_MAIN} +set height 1000 +bt full +info locals +kill +quit +EOF + ${DB_BIN} -x "${BATCHFILE_MAIN}" "${BINARY}" "${PID}" + ;; +gdb) + cat <<EOF >${BATCHFILE_MAIN} +set height 0 +bt full +thread apply all bt full +info locals +quit +EOF + ${DB_BIN} -batch -x "${BATCHFILE_MAIN}" --pid "${PID}" </dev/null + ;; +dbx) + ${DB_BIN} "where;dump;kill;quit" "${BINARY}" "${PID}" + ;; +esac +/bin/rm -f ${BATCHFILE_PRE} ${BATCHFILE_MAIN} diff --git a/selftest/gdb_backtrace_test.c b/selftest/gdb_backtrace_test.c new file mode 100644 index 0000000..993596d --- /dev/null +++ b/selftest/gdb_backtrace_test.c @@ -0,0 +1,42 @@ +/* + +add a useful tool to test the gdb_backtrace script + +just compile it with +cc -g -o gdb_backtrace_test gdb_backtrace_test.c + +and run it in the same directory where your gdb_backtrace script is. + +2006 - Stefan Metzmacher <metze@samba.org> + +*/ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +static const char *prog; + +static void sig_fault(int sig) +{ + int ret; + char cmdstr[200]; + + snprintf(cmdstr, sizeof(cmdstr), + "./gdb_backtrace %u %s", + getpid(), prog); + printf("sig_fault start: %s\n", cmdstr); + ret = system(cmdstr); + printf("sig_fault end: %d\n", ret); +} + +int main(int argc, const char **argv) +{ + prog = argv[0]; + + signal(SIGABRT, sig_fault); + + abort(); + return 0; +} diff --git a/selftest/gdb_run b/selftest/gdb_run new file mode 100755 index 0000000..4cc26dd --- /dev/null +++ b/selftest/gdb_run @@ -0,0 +1,21 @@ +#!/bin/sh + +ENV="$1" + +shift 1 + +TMPFILE=$(mktemp --tmpdir gdb_run.XXXXXXXXXX) +test -n "${TMPFILE}" || { + echo "mktemp doesn't work" 1>&2 + exit 1 +} + +cat <<EOF >$TMPFILE +run +bt +EOF + +trap "/bin/rm -f $TMPFILE" EXIT +CMD="gdb -x $TMPFILE --args $@" +echo $CMD +eval $ENV "$CMD" diff --git a/selftest/gnupg/gpg.conf b/selftest/gnupg/gpg.conf new file mode 100644 index 0000000..33b9f9f --- /dev/null +++ b/selftest/gnupg/gpg.conf @@ -0,0 +1,4 @@ + +keyid-format long +fingerprint +default-key 4952E40301FAB41A diff --git a/selftest/gnupg/pubring.gpg b/selftest/gnupg/pubring.gpg Binary files differnew file mode 100644 index 0000000..b3fa9cc --- /dev/null +++ b/selftest/gnupg/pubring.gpg diff --git a/selftest/gnupg/secring.gpg b/selftest/gnupg/secring.gpg Binary files differnew file mode 100644 index 0000000..09dd9fd --- /dev/null +++ b/selftest/gnupg/secring.gpg diff --git a/selftest/gnupg/trustdb.gpg b/selftest/gnupg/trustdb.gpg Binary files differnew file mode 100644 index 0000000..bfe8f06 --- /dev/null +++ b/selftest/gnupg/trustdb.gpg diff --git a/selftest/in_screen b/selftest/in_screen new file mode 100755 index 0000000..d7d1b53 --- /dev/null +++ b/selftest/in_screen @@ -0,0 +1,94 @@ +#!/usr/bin/env bash + +export TMPDIR="$SELFTEST_TMPDIR" + +SERVERNAME="$ENVNAME" +[ -z "$SERVERNAME" ] && SERVERNAME="base" +basedir=$TMPDIR + +[ -r $basedir/$SERVERNAME.pid ] && { + for i in {2..100}; do + if [ ! -r "$basedir/${SERVERNAME}-$i.pid" ]; then + SERVERNAME="${SERVERNAME}-$i" + break + fi + done +} + +rm -f $basedir/$SERVERNAME.{launch,log,parent.pid,pid,status} + +# set most of the environment vars we have in the screen session too +_ENV="" +printenv | + egrep -v '^TERMCAP|^WINDOW|^SHELL|^STY|^SHLVL|^SAMBA_VALGRIND|\$' | + egrep '^[A-Z]' | + sed "s/\(^[^=]*=\)\(.*\)/export \1'\2'/g" >$basedir/$SERVERNAME.vars + +cat <<EOF >$basedir/$SERVERNAME.launch +cd $PWD + echo \$\$ > $basedir/$SERVERNAME.pid + . $basedir/$SERVERNAME.vars + echo "\$(date) starting $SERVERNAME" >> $basedir/$SERVERNAME.log + $@ + echo \$? > $basedir/$SERVERNAME.status + read parent < $basedir/$SERVERNAME.parent.pid + kill \$parent +EOF +pid=$$ + +cleanup() +{ + trap "exit 1" SIGINT SIGTERM SIGPIPE + [ -r $basedir/$SERVERNAME.status ] && { + read status <$basedir/$SERVERNAME.status + echo "$(date) samba exited with status $status" >>$basedir/$SERVERNAME.log + exit $status + } + + case $ENVNAME in + *.nmbd | *.smbd | *.winbindd | *.samba | *.samba_dcerpcd) + kill $(cat $basedir/../"${ENVNAME%\.*}"/pid/"${ENVNAME##*\.}".pid) + ;; + esac + + read pid <$basedir/$SERVERNAME.pid + echo "$(date) Killing samba pid $pid from $$" >>$basedir/$SERVERNAME.log + if [ "$pid" = "$$" ]; then + exit 1 + fi + kill -9 $pid 2>&1 + exit 1 +} + +echo $$ >$basedir/$SERVERNAME.parent.pid +trap cleanup SIGINT SIGTERM SIGPIPE + +if [[ "$TMUX" ]]; then + TMUX_CMD=tmux + if [[ $TMUX = *tmate* ]]; then + TMUX_CMD=tmate + fi + + $TMUX_CMD new-window -n test:$SERVERNAME "bash $basedir/$SERVERNAME.launch" + + # tmux seems to lag a bit for new sessions. Don't create them too + # quickly one after another + sleep .1 +else + screen -r -X screen -t test:$SERVERNAME bash $basedir/$SERVERNAME.launch +fi +echo "$(date) waiting in $$" >>$basedir/$SERVERNAME.log +read stdin_var +echo "$(date) EOF on stdin" >>$basedir/$SERVERNAME.log + +case $ENVNAME in +*.nmbd | *.smbd | *.winbindd | *.samba | *.samba_dcerpcd) + kill $(cat $basedir/../"${ENVNAME%\.*}"/pid/"${ENVNAME##*\.}".pid) + ;; +esac + +read pid <$basedir/$SERVERNAME.pid +echo "$(date) killing $pid" >>$basedir/$SERVERNAME.log +kill $pid 2>/dev/null +echo "$(date) exiting" >>$basedir/$SERVERNAME.log +exit 0 diff --git a/selftest/knownfail b/selftest/knownfail new file mode 100644 index 0000000..a89616c --- /dev/null +++ b/selftest/knownfail @@ -0,0 +1,389 @@ +# This file contains a list of regular expressions matching the names of +# tests that are expected to fail. +# +# "make test" will not report failures for tests listed here and will consider +# a successful run for any of these tests an error. + +^samba3.blackbox.failure.failure # this is designed to fail, for testing our test infrastructure +.*driver.add_driver_timestamps # we only can store dates, not timestamps + ^samba3.smbtorture_s3.crypt_server\(nt4_dc\).SMB2-SESSION-REAUTH # expected to give ACCESS_DENIED SMB2.1 doesn't have encryption +^samba3.smbtorture_s3.crypt_server\(nt4_dc\).SMB2-SESSION-RECONNECT # expected to give CONNECTION_DISCONNECTED, we need to fix the test +^samba3.smbtorture_s3.plain.*SMB2-DIR-FSYNC.*\(ad_dc_ntvfs\) +^samba3.smbtorture_s3.plain.*SMB2-PATH-SLASH.*\(ad_dc_ntvfs\) +^samba3.smbtorture_s3.plain.LOCK11.*\(ad_dc_ntvfs\) +^samba3.smb2.session enc.reconnect # expected to give CONNECTION_DISCONNECTED, we need to fix the test +^samba3.raw.session enc # expected to give ACCESS_DENIED as SMB1 encryption isn't used +^samba3.smbtorture_s3.crypt_server # expected to give ACCESS_DENIED as SMB1 encryption isn't used +^samba3.smbtorture_s3.*.LOCK12.*\(fileserver_smb1\) +^samba3.smbtorture_s3.*.LOCK12.*\(nt4_dc_smb1\) +^samba3.nbt.dgram.*netlogon2\(nt4_dc\) +^samba3.*rap.sam.*.useradd # Not provided by Samba 3 +^samba3.*rap.sam.*.userdelete # Not provided by Samba 3 +^samba3.libsmbclient.opendir # This requires a workgroup called 'WORKGROUP' and for netbios browse lists to have been registered +# see bug 8412 +^samba3.smb2.rename.*.simple_nodelete +^samba3.smb2.rename.*.no_share_delete_no_delete_access +^samba3.blackbox.smbclient_machine_auth.plain.*nt4_dc:local # the NT4 DC does not currently set up a self-join +^samba3.raw.samba3hide.samba3hide\(ad_dc_smb1\) # This test fails against the ad_dc environment. +^samba3.raw.samba3closeerr.samba3closeerr\(nt4_dc_smb1\) # This test fails against an smbd environment with NT ACLs enabled +^samba3.raw.samba3closeerr.samba3closeerr\(fileserver_smb1\) # This test fails against an smbd environment with NT ACLs enabled +^samba3.raw.acls nfs4acl_xattr-simple-40.INHERITFLAGS\(nt4_dc_smb1\) # This (and the follow nfs4acl_xattr tests fail because our NFSv4 backend isn't a complete mapping yet. +^samba3.raw.acls nfs4acl_xattr-simple-40.create_owner_file\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-simple-40.create_owner_dir\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-simple-40.nulldacl\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-simple-41.create_owner_file\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-simple-41.create_owner_dir\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-simple-41.nulldacl\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-special-40.INHERITFLAGS\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-special-40.create_owner_file\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-special-40.create_owner_dir\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-special-40.nulldacl\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-special-40.inherit_creator_owner\(nt4_d_smb1\) +^samba3.raw.acls nfs4acl_xattr-special-40.inherit_creator_group\(nt4_dc\) +^samba3.raw.acls nfs4acl_xattr-xdr-40.INHERITFLAGS\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-xdr-40.create_owner_file\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-xdr-40.create_owner_dir\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-xdr-40.nulldacl\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-xdr-40.inherit_creator_owner\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-xdr-40.inherit_creator_group\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-xdr-41.create_owner_file\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-xdr-41.create_owner_dir\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-xdr-41.nulldacl\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-40.INHERITFLAGS\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-40.create_owner_file\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-40.create_owner_dir\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-40.nulldacl\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-40.inherit_creator_owner\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-40.inherit_creator_group\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-41.create_owner_file\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-41.create_owner_dir\(nt4_dc_smb1\) +^samba3.raw.acls nfs4acl_xattr-nfs-41.nulldacl\(nt4_dc_smb1\) +^samba3.base.delete.deltest16a +^samba3.base.delete.deltest17a +^samba3.unix.whoami anonymous connection.whoami\(ad_dc_smb1\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token +# smbclient4 behaves differently from smbclient (s3) when encountering +# logon failures when possesing a valid ticket. Test below has been +# changed to use smbclient (in order to support SMB2) and this part of the +# test fails due to this difference +^samba4.blackbox.chgdcpass.Test login with kerberos ccache after 2nd password change\(chgdcpass\) +# these show that we still have some differences between our system +# with our internal iconv because it passes except when we bypass our +# internal iconv modules +^samba4.local.convert_string_handle.system.iconv.gd_ascii +^samba4.local.convert_string_handle.system.iconv.gd_iso8859_cp850 +^samba4..*base.delete.*.deltest17\( +^samba4..*base.delete.*.deltest17b +^samba4..*base.delete.*.deltest17c +^samba4..*base.delete.*.deltest17e +^samba4..*base.delete.*.deltest17f +^samba4..*base.delete.*.deltest20a +^samba4..*base.delete.*.deltest20b +^samba4.raw.session.reauth +^samba4.raw.session.expire1 +^samba4.raw.rename.*.osxrename +^samba4.raw.rename.*.directory rename +^samba4.rpc.winreg.*security +^samba4.local.registry.*.(dir|ldb).check hive security +^samba4.local.registry.*.local.security +^samba4.rpc.wkssvc +^samba4.rpc.handles.*.lsarpc-shared +^samba4.rpc.epmapper.*.Lookup_simple +^samba4.rpc.epmapper.*.Map_simple +^samba4.rpc.epmapper.*.Map_full +^samba3.rpc.epmapper.*.Map_full +^samba4.rpc.lsalookup on ncalrpc +^samba4.rpc.lsalookup on ncacn_np +^samba4.rpc.lsalookup with seal,padcheck +^samba4.rpc.lsalookup with validate +^samba4.rpc.lsalookup with bigendian +^samba4.rpc.lsa on ncacn_np with seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY +^samba4.rpc.lsa with seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY +^samba4.rpc.lsa.secrets.*seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY +^samba4.rpc.netlogon.*.LogonUasLogon +^samba4.rpc.netlogon.*.LogonUasLogoff +^samba4.rpc.netlogon.*.DatabaseSync +^samba4.rpc.netlogon.*.DatabaseSync2 +^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomains +^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomainsEx +^samba4.rpc.netlogon.*.GetPassword +^samba4.rpc.netlogon.*.DatabaseRedo +^samba4.rpc.netlogon.*.netlogon.lsa_over_netlogon\(ad_dc\) #Broken by split of \\pipe\lsass from \\pipe\netlogon in the IDL +^samba4.rpc.netlogon.*.netlogon.SetupCredentialsDowngrade\(ad_dc_ntvfs\) # Broken by allowing NT4 crypto on this environment +^samba4.rpc.netlogon.*.netlogon.SetupCredentialsDowngrade\(ad_dc_ntvfs:local\) # Broken by allowing NT4 crypto on this environment +^samba4.rpc.drsuapi.*ncacn_ip_tcp.*validate # should only work with seal +^samba4.rpc.drsuapi.*ncacn_ip_tcp.*bigendian # should only work with seal +^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.validate # should only work with seal +^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.bigendian # should only work with seal +^samba4.base.charset.*.Testing partial surrogate +^samba4.smb2.charset.*.Testing partial surrogate # This test is currently broken +^samba3.smb2.charset.*.Testing partial surrogate # This test is currently broken +^samba4.*.base.maximum_allowed # broken until we implement NTCREATEX_OPTIONS_BACKUP_INTENT +^samba..*.smb2.maximum_allowed +.*net.api.delshare.* # DelShare isn't implemented yet +^samba4.smb2.oplock.doc +^samba4.smb2.lock.valid-request +^samba4.raw.lock.multilock6.ad_dc_ntvfs +^samba4.ldap.python \(ad_dc_default\).Test add_ldif\(\) with BASE64 security descriptor input using WRONG domain SID\(.*\)$ +^samba4.raw.lock.*.async # bug 6960 +^samba4.raw.open.ntcreatex_supersede +^samba4.smb2.lock.*.multiple-unlock # bug 6959 +^samba4.raw.sfileinfo.*.end-of-file\(.*\)$ # bug 6962 +^samba4.raw.oplock.*.batch22 # bug 6963 +^samba4.raw.oplock.*.doc1 +^samba4.raw.oplock.*.exclusive5 +^samba4.raw.oplock.*.exclusive9 +^samba4.raw.oplock.*.level_ii_1 +^samba4.raw.lock.*.zerobyteread # bug 6974 +^samba4.smb2.lock.*.zerobyteread # bug 6974 +^samba4.raw.streams.*.delete +^samba4.raw.streams.*.createdisp +^samba4.raw.streams.*.sumtab +^samba4.raw.streams.*.perms +^samba4.raw.acls.INHERITFLAGS +^samba4.raw.acls.*.create_dir +^samba4.raw.acls.*.create_owner_dir +^samba4.raw.acls.*.create_owner_file +^samba4.smb2.create.*.acldir +^samba4.smb2.create.*.impersonation +^samba4.smb2.create.quota-fake-file\(ad_dc_ntvfs\) # not supported by the NTVFS +^samba4.smb2.create.dosattr_tmp_dir\(ad_dc_ntvfs\) +^samba4.smb2.acls.*.generic +^samba4.smb2.acls.*.inheritflags +^samba4.smb2.acls.*.owner +^samba4.smb2.acls.*.ACCESSBASED +^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.SimpleDirsyncTests.test_dirsync_deleted_items_OBJECT_SECURITY +#^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.* +^samba4.libsmbclient.opendir.(NT1|SMB3).opendir # This requires netbios browsing +^samba4.rpc.drsuapi.*.drsuapi.DsGetDomainControllerInfo\(.*\)$ +^samba4.smb2.oplock.exclusive2\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.exclusive5\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.exclusive6\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.exclusive9\(.*\)$ +^samba4.smb2.oplock.brl3\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.levelii500\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.levelii502\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.brl1\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch22.\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch19\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch12\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch11\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch1\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch6\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch9\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch9a\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch10\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch20\(.*\)$ # samba 4 oplocks are a mess +^samba4.smb2.oplock.batch26\(.*\)$ +^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess +^samba4.smb2.oplock.statopen1\(ad_dc_ntvfs\)$ # fails with ACCESS_DENIED on a SYNCHRONIZE_ACCESS open +^samba4.smb2.getinfo.complex # streams on directories does not work +^samba4.smb2.getinfo.getinfo_access\(ad_dc_ntvfs\) # Access checks not implemented +^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy +^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy +^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy +^samba4.smb2.sharemode.sharemode-access +^samba4.smb2.sharemode.access-sharemode +^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$ +^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4 +^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects +^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects +^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects +^samba4.raw.read.readx\(ad_dc_ntvfs\) # fails readx 16bit alignment requirement +^samba3.smb2.create.gentest +^samba3.smb2.create.blob +^samba3.smb2.create.open +^samba3.smb2.notify.rec +^samba3.smb2.durable-open.delete_on_close2 +^samba3.smb2.durable-v2-open.app-instance +^samba3.smb2.durable-open.reopen1a-lease\(ad_dc\)$ +^samba3.smb2.durable-open.stat-open\(ad_dc\)$ +^samba3.smb2.durable-v2-open.reopen1a-lease\(ad_dc\)$ +^samba4.smb2.ioctl.req_resume_key\(ad_dc_ntvfs\) # not supported by s4 ntvfs server +^samba4.smb2.ioctl.req_two_resume_keys\(ad_dc_ntvfs\) # not supported by s4 ntvfs server +^samba4.smb2.ioctl.copy_chunk_\w*\(ad_dc_ntvfs\) # not supported by s4 ntvfs server +^samba4.smb2.ioctl.copy-chunk streams\(ad_dc_ntvfs\) # not supported by s4 ntvfs server +^samba4.smb2.ioctl.bug14769\(ad_dc_ntvfs\) # not supported by s4 ntvfs server +^samba4.smb2.ioctl-on-stream.ioctl-on-stream\(ad_dc_ntvfs\) +^samba3.smb2.dir.one +^samba3.smb2.dir.modify +^samba3.smb2.oplock.batch20 +^samba3.smb2.oplock.stream1 +^samba3.smb2.streams.rename +^samba3.smb2.streams.rename2 +^samba3.smb2.streams streams_xattr.rename\(nt4_dc\) +^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\) +^samba3.smb2.getinfo.complex +^samba3.smb2.getinfo.fsinfo # quotas don't work yet +^samba3.smb2.setinfo.setinfo +^samba3.smb2.session.*reauth5 # some special anonymous checks? +^samba3.smb2.compound.interim2 # wrong return code (STATUS_CANCELLED) +^samba3.smb2.compound.aio.interim2 # wrong return code (STATUS_CANCELLED) +^samba3.smb2.lock.*replay_broken_windows # This tests the windows behaviour +^samba3.smb2.lease.statopen3 +^samba3.smb2.lease.unlink # we currently do not downgrade RH lease to R after unlink +^samba4.smb2.ioctl.compress_notsup.*\(ad_dc_ntvfs\) +^samba3.raw.session.*reauth2 # maybe fix this? +^samba3.rpc.lsa.secrets.seal # This gives NT_STATUS_LOCAL_USER_SESSION_KEY +^samba3.rpc.samr.passwords.badpwdcount.samr.badPwdCount\(nt4_dc\) # We fail this test currently +^samba3.rpc.samr.passwords.lockout.*\(nt4_dc\)$ # We fail this test currently +^samba3.rpc.spoolss.printer.addprinter.driver_info_winreg # knownfail or flapping? +^samba3.rpc.spoolss.printer.addprinterex.driver_info_winreg # knownfail or flapping? +^samba3.rpc.spoolss.printer.*.publish_toggle\(.*\)$ # needs spoolss AD member env +^samba3.rpc.spoolss.printer.*.log_jobinfo\(.*\)$ # not implemented yet +^samba3.rpc.spoolss.printserver.*.addpermachineconnection\(.*\)$ # not implemented yet +^samba3.rpc.spoolss.printserver.*.add_processor\(.*\)$ +^samba3.rpc.spoolss.printserver.*.get_core_printer_drivers\(.*\)$ +^samba3.rpc.spoolss.printserver.*.get_printer_driver_package_path\(.*\)$ +^samba4.rpc.fsrvp # fsrvp server only provided by smbd +# +# The following tests fail against ad_dc (aka s3fs) currently. +# These need to be examined and either fixed or correctly categorised. +# but in the interests of ensuring we do not regress, we run the tests +# and list the current failures here. +# +^samba3.rpc.eventlog.eventlog.GetLogIntormation\(ad_dc\) +^samba3.rpc.eventlog.eventlog.FlushEventLog\(ad_dc\) +^samba3.rpc.eventlog.eventlog.ReportEventLog\(ad_dc\) +^samba3.rpc.eventlog.eventlog.ReadEventLog\(ad_dc\) +^samba3.rpc.eventlog.eventlog.GetNumRecords\(ad_dc\) +^samba3.rpc.eventlog.eventlog.OpenEventLog\(ad_dc\) +^samba3.rap.basic.netsessiongetinfo\(ad_dc_smb1\) +# not implemented +^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(ad_dc\) +^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(nt4_dc\) +# +# This makes less sense when not running against an AD DC +# +^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member +^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member +^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping +^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping +^samba.wbinfo_simple.allocate-uid.wbinfo\(ad_dc_ntvfs:local\) +^samba.wbinfo_simple.allocate-gid.wbinfo\(ad_dc_ntvfs:local\) +^samba.wbinfo_simple.allocate-uid.wbinfo\(s4member:local\) +^samba.wbinfo_simple.allocate-gid.wbinfo\(s4member:local\) +^samba.wbinfo_simple.allocate-uid.wbinfo\(ad_dc:local\) +^samba.wbinfo_simple.allocate-gid.wbinfo\(ad_dc:local\) +^samba.wbinfo_simple.allocate-uid.wbinfo\(chgdcpass:local\) +^samba.wbinfo_simple.allocate-gid.wbinfo\(chgdcpass:local\) +^samba.wbinfo_simple.allocate-uid.wbinfo\(rodc:local\) +^samba.wbinfo_simple.allocate-gid.wbinfo\(rodc:local\) +# +# These do not work against winbindd in member mode for unknown reasons +# +^samba4.winbind.struct.domain_info\(s4member:local\) +^samba4.winbind.struct.getdcname\(s4member:local\) +# +# These fail since ad_dc_ntvfs assigns the local user's uid to SAMBADOMAIN/Administrator +# hence we have a duplicate UID in nsswitch. +# +^samba3.local.nss.reentrant enumeration crosschecks\(ad_dc_ntvfs:local\) +^samba3.local.nss.reentrant enumeration\(ad_dc_ntvfs:local\) +^samba3.local.nss.enumeration\(ad_dc_ntvfs:local\) +^samba3.local.nss.reentrant enumeration crosschecks\(ad_dc:local\) +^samba3.local.nss.reentrant enumeration\(ad_dc:local\) +^samba3.local.nss.enumeration\(ad_dc:local\) +# +# These do not work against winbindd in member mode for unknown reasons +# +^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member\(ad_member:local\) +^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping\(ad_member:local\) +^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member\(ad_member:local\) +^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping\(ad_member:local\) +^samba4.winbind.struct.getdcname\(ad_member:local\) +^samba4.winbind.struct.lookup_name_sid\(ad_member:local\) +^samba4.winbind.struct.getdcname\(nt4_member:local\) # Works in other modes, just not against the classic/NT4 DC +# +# This will fail against the classic DC, because it requires kerberos +# +^samba4.winbind.pac.*\(nt4_member:local\) # No KDC on a classic DC +# +# This fails because our python bindings create python Lists, not a type +# we can watch for set methods on. +# +^samba.tests.dcerpc.integer.samba.tests.dcerpc.integer.IntegerTests.test_.*_into_uint8_list +# +# Samba sort takes a primative approach to unicode sort. These tests +# match Windows 2012R2 behaviour. +# +^samba4.ldap.sort.python.+UnicodeSortTests +# +## We assert all "ldap server require strong auth" combinations +# +^samba4.ldb.simple.ldap with SIMPLE-BIND.*ad_dc_ntvfs # ldap server require strong auth = allow_sasl_over_tls +^samba4.ldb.simple.ldap with SIMPLE-BIND.*fl2003dc # ldap server require strong auth = yes +^samba4.ldb.simple.ldaps with SASL-BIND.*fl2003dc # ldap server require strong auth = yes +# These are supposed to fail as we want to verify the "tls verify peer" +# restrictions. Note that fl2008r2dc uses a self-signed certificate +# with does not have a crl file. +# +^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name_if_available\( +^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name\( +^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=as_strict_as_possible\( +^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=ca_and_name\( +^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=as_strict_as_possible\( +^samba4.ldb.simple.ldaps.*SERVER.REALM.*tlsverifypeer=as_strict_as_possible.*fl2008r2dc +# +# we don't allow auth_level_connect anymore... +# +^samba3.blackbox.rpcclient.*ncacn_np.*with.*connect.*rpcclient # we don't allow auth_level_connect anymore +^samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain_not_matching_qtype +# ad_dc requires signing +# +^samba4.smb.signing.*disabled.*client-protection=off.*\(ad_dc\) +# fl2000dc doesn't support AES +^samba4.krb5.kdc.*as-req-aes.fl2000dc +# nt4_member and ad_member don't support ntlmv1 (not even over SMB1) +^samba3.blackbox.smbclient_auth.plain.*option=clientntlmv2auth=no.member.creds.*as.user.*_member +^samba3.blackbox.smbclient_auth.plain.*option=clientntlmv2auth=no.*mNT1.member.creds.*as.user.*_member +#nt-vfs server blocks read with execute access +^samba4.smb2.read.access +#ntvfs server blocks copychunk with execute access on read handle +^samba4.smb2.ioctl.copy_chunk_bad_access +^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.* +# We don't support NDR64 yet, so we generate the wrong FAULT code +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_no_auth_presentation_ctx_invalid4 +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_auth_type2 +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_transfer +# NETLOGON is disabled in any non-DC environments +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_2nd_cancel_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_08_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cancel_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cmpx_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_didnot_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_maybe_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_only_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests01\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests02\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests03\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests04\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests05\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_cancel_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_only_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_mix_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_none_only_requests\(ad_member\) + +^samba4.rpc.echo.*on.*with.object.echo.doublepointer.*nt4_dc +^samba4.rpc.echo.*on.*with.object.echo.surrounding.*nt4_dc +^samba4.rpc.echo.*on.*with.object.echo.enum.*nt4_dc +^samba4.rpc.echo.*on.*with.object.echo.testcall.*nt4_dc +^samba4.rpc.echo.*on.*with.object.echo.testcall2.*nt4_dc +^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_add_duplicate_different_type.* +^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_rank_none.* +^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.* +^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_dangling_multi_valued_clean +^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_check_missing + +# We currently don't send referrals for LDAP modify of non-replicated attrs +^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.* +# NETLOGON is disabled in any non-DC environments +^samba.tests.netlogonsvc.python\(ad_member\) +^samba.tests.netlogonsvc.python\(simpleserver\) +^samba.tests.netlogonsvc.python\(fileserver\) +# NTLM authentication is (intentionally) disabled in ktest +^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ktest\) +^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ad_dc_no_ntlm\) +# Disabling NTLM means you can't use samr to change the password +^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) +^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) + diff --git a/selftest/knownfail.d/README b/selftest/knownfail.d/README new file mode 100644 index 0000000..6f0262a --- /dev/null +++ b/selftest/knownfail.d/README @@ -0,0 +1,8 @@ +# Files in this directory contain lists of regular expressions +# matching the names of tests that are temporarily expected to fail. +# +# "make test" will not report failures for tests listed here and will consider +# a successful run for any of these tests an error. +# +# Empty lines and lines beginning with '#' are ignored. +# Please don't add tests to this README! diff --git a/selftest/knownfail.d/bug-14236 b/selftest/knownfail.d/bug-14236 new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/selftest/knownfail.d/bug-14236 diff --git a/selftest/knownfail.d/complex_expressions b/selftest/knownfail.d/complex_expressions new file mode 100644 index 0000000..8ec468a --- /dev/null +++ b/selftest/knownfail.d/complex_expressions @@ -0,0 +1,4 @@ +# Ldb accepts invalid search expressions and returns weird results. +.*samba.tests.complex_expressions.ComplexExpressionTests.test_largeint_invalid_expressions.* +.*samba.tests.complex_expressions.ComplexExpressionTests.test_enum_invalid_expressions.* +.*samba.tests.complex_expressions.ComplexExpressionTests.test_invalid_expressions.* diff --git a/selftest/knownfail.d/dirsync b/selftest/knownfail.d/dirsync new file mode 100644 index 0000000..fcf4d46 --- /dev/null +++ b/selftest/knownfail.d/dirsync @@ -0,0 +1,13 @@ +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_OBJECT_SECURITY_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_OBJ_SEC_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_with_GET_CHANGES_OBJ_SEC_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_with_GET_CHANGES_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_with_GET_CHANGES_OBJECT_SECURITY_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_with_GET_CHANGES\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_OBJECT_SECURITY_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_OBJECT_SECURITY_with_GET_CHANGES_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_with_GET_CHANGES_attr\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_with_GET_CHANGES_insist_on_empty_element\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES_attr\(.*\) +^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES_insist_on_empty_element\(.*\) diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns new file mode 100644 index 0000000..fee2f2a --- /dev/null +++ b/selftest/knownfail.d/dns @@ -0,0 +1,89 @@ +# These tests are expected to fail because we want to ensure that +# unauthenicated updates are not permitted against the default +# configuration, nor against an RODC + +samba.tests.dns.__main__.TestDNSUpdates.test_delete_record\(rodc:local\) +samba.tests.dns.__main__.TestDNSUpdates.test_readd_record\(rodc:local\) +samba.tests.dns.__main__.TestDNSUpdates.test_update_add_mx_record\(rodc:local\) +samba.tests.dns.__main__.TestDNSUpdates.test_update_add_txt_record\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_empty_txt_records\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_hex_char_txt_record\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_char_txt_record\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_padded_txt_record\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_slash_txt_record\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_two_txt_records\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_rpc_self_referencing_cname\(rodc:local\) +samba.tests.dns.__main__.TestDNSUpdates.test_delete_record\(vampire_dc:local\) +samba.tests.dns.__main__.TestDNSUpdates.test_readd_record\(vampire_dc:local\) +samba.tests.dns.__main__.TestDNSUpdates.test_update_add_mx_record\(vampire_dc:local\) +samba.tests.dns.__main__.TestDNSUpdates.test_update_add_txt_record\(vampire_dc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_empty_txt_records\(vampire_dc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_hex_char_txt_record\(vampire_dc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_char_txt_record\(vampire_dc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_padded_txt_record\(vampire_dc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_slash_txt_record\(vampire_dc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_two_txt_records\(vampire_dc:local\) +samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain\(rodc:local\) +samba.tests.dns.__main__.TestComplexQueries.test_one_a_query\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_empty_rpc_to_dns\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_hex_rpc_to_dns\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_char_rpc_to_dns\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_padding_rpc_to_dns\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_slash_rpc_to_dns\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_two_rpc_to_dns\(rodc:local\) +samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_txt_rpc_to_dns\(rodc:local\) + +samba.tests.dns.__main__.TestZones.test_set_aging_disabled\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_set_aging_disabled\(vampire_dc:local\) + +samba.tests.dns.__main__.TestZones.test_soa_query\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_set_aging\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_aging_update\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_aging_update_disabled\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_aging_refresh\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_rpc_add_no_timestamp\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_basic_scavenging\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_dns_tombstone_custom_match_rule\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_dns_tombstone_custom_match_rule_no_records\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_dns_tombstone_custom_match_rule_fail\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_dynamic_record_static_update\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_static_record_dynamic_update\(rodc:local\) +samba.tests.dns.__main__.TestZones.test_fully_qualified_zone\(rodc:local\) + +samba.tests.dns.__main__.TestZones.test_set_aging\(vampire_dc:local\) +samba.tests.dns.__main__.TestZones.test_aging_update\(vampire_dc:local\) +samba.tests.dns.__main__.TestZones.test_aging_update_disabled\(vampire_dc:local\) +samba.tests.dns.__main__.TestZones.test_aging_refresh\(vampire_dc:local\) +samba.tests.dns.__main__.TestZones.test_basic_scavenging\(vampire_dc:local\) +samba.tests.dns.__main__.TestZones.test_dns_tombstone_custom_match_rule\(vampire_dc:local\) +samba.tests.dns.__main__.TestZones.test_dynamic_record_static_update\(vampire_dc:local\) +samba.tests.dns.__main__.TestZones.test_static_record_dynamic_update\(vampire_dc:local\) + +samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain\(vampire_dc:local\) +samba.tests.dns.__main__.TestComplexQueries.test_one_a_query\(vampire_dc:local\) + +# The SOA override should not pass against the RODC, it must not overstamp +samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\) + +# +# rodc and vampire_dc require signed dns updates, so these tests' setups +# fail, but they pass on fl2003dc +^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(rodc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(vampire_dc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_A\(rodc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_A\(vampire_dc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_AAAA\(rodc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_AAAA\(vampire_dc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_SRV\(rodc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_SRV\(vampire_dc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_cname_limit\(vampire_dc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_cname_limit\(rodc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_cname_any_query\(vampire_dc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_cname_any_query\(rodc:local\) + +# Tests for the dnsProperty parse issue do not pass here, but do against fl2003dc +^samba.tests.dns.__main__.TestZones.test_enum_zones_while_dnsProperty_zero_length\(rodc:local\) +^samba.tests.dns.__main__.TestZones.test_rpc_zone_update_while_dnsProperty_zero_length\(rodc:local\) +^samba.tests.dns.__main__.TestZones.test_rpc_zone_update_while_other_dnsProperty_zero_length\(rodc:local\) +^samba.tests.dns.__main__.TestZones.test_update_while_dnsProperty_zero_length\(rodc:local\) +^samba.tests.dns.__main__.TestZones.test_update_while_dnsProperty_zero_length\(vampire_dc:local\)
\ No newline at end of file diff --git a/selftest/knownfail.d/dns-aging b/selftest/knownfail.d/dns-aging new file mode 100644 index 0000000..dd6998d --- /dev/null +++ b/selftest/knownfail.d/dns-aging @@ -0,0 +1,78 @@ +# known failures for python/samba/tests/dns_aging.py +# +# These all pass on Windows, apart from test_basic_scavenging, which +# fails due to technical issues. + +samba.tests.dns_aging.__main__.TestDNSAging.test_aging_refresh +samba.tests.dns_aging.+test_dns_add_sibling_0_0_days_aging +samba.tests.dns_aging.+test_dns_add_sibling_0_0_days_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_0_0_days_no_aging +samba.tests.dns_aging.+test_dns_add_sibling_0_0_days_no_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_0_7_days_aging +samba.tests.dns_aging.+test_dns_add_sibling_0_7_days_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_0_7_days_no_aging +samba.tests.dns_aging.+test_dns_add_sibling_0_7_days_no_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_10_0_days_aging +samba.tests.dns_aging.+test_dns_add_sibling_10_0_days_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_10_0_days_no_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_112_7_days_aging +samba.tests.dns_aging.+test_dns_add_sibling_112_7_days_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_112_7_days_no_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_12_113_days_aging +samba.tests.dns_aging.+test_dns_add_sibling_12_113_days_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_12_113_days_no_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_12_3_days_aging +samba.tests.dns_aging.+test_dns_add_sibling_12_3_days_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_12_3_days_no_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_12_7_days_aging +samba.tests.dns_aging.+test_dns_add_sibling_12_7_days_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_12_7_days_no_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_2_7_days_aging +samba.tests.dns_aging.+test_dns_add_sibling_2_7_days_aging_touch +samba.tests.dns_aging.+test_dns_add_sibling_2_7_days_no_aging_touch +samba.tests.dns_aging.+test_add_update_dwSerial +samba.tests.dns_aging.+test_add_update_dwSerial_2 +samba.tests.dns_aging.+test_add_update_many +samba.tests.dns_aging.+test_add_update_ttl_serial +samba.tests.dns_aging.+test_dns_delete_simple_0_0_days_no_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_0_113_days_no_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_10_0_days_aging +samba.tests.dns_aging.+test_dns_delete_simple_10_0_days_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_10_0_days_no_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_112_113_days_aging +samba.tests.dns_aging.+test_dns_delete_simple_112_113_days_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_112_113_days_no_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_12_13_days_aging +samba.tests.dns_aging.+test_dns_delete_simple_12_13_days_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_12_13_days_no_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_2_13_days_no_aging_touch +samba.tests.dns_aging.+test_dns_delete_simple_2_3_days_no_aging_touch +samba.tests.dns_aging.+test_dynamic_record_static_update +samba.tests.dns_aging.+test_multi_records_delete_aging +samba.tests.dns_aging.+test_static_record_dynamic_update +samba.tests.dns_aging.+test_update_aging_disabled\b +samba.tests.dns_aging.+test_update_aging_disabled_beyond_refresh_window +samba.tests.dns_aging.+test_update_aging_disabled_in_eighteenth_century +samba.tests.dns_aging.+test_update_aging_disabled_in_no_refresh_window +samba.tests.dns_aging.+test_update_aging_disabled_in_refresh_window +samba.tests.dns_aging.+test_update_aging_disabled_on_no_refresh_boundary +samba.tests.dns_aging.+test_update_aging_disabled_static +samba.tests.dns_aging.+test_update_aging_enabled +samba.tests.dns_aging.+test_update_aging_enabled_beyond_refresh_window +samba.tests.dns_aging.+test_update_aging_enabled_in_eighteenth_century +samba.tests.dns_aging.+test_update_aging_enabled_in_no_refresh_window +samba.tests.dns_aging.+test_update_aging_enabled_in_refresh_window +samba.tests.dns_aging.+test_update_aging_enabled_on_no_refresh_boundary +samba.tests.dns_aging.+test_update_static_stickiness +samba.tests.dns_aging.+test_update_timestamp_weirdness_no_refresh_no_aging +samba.tests.dns_aging.+test_update_timestamp_weirdness_refresh_no_aging +samba.tests.dns_aging.+test_AAAA_5_days_AAAA_6_days_aging +samba.tests.dns_aging.+test_A_10_days_AAAA_5_days_aging +samba.tests.dns_aging.+test_A_10_days_AAAA_5_days_no_aging +samba.tests.dns_aging.+test_A_10_days_AAAA_9_days_aging +samba.tests.dns_aging.+test_A_20_days_AAAA_2_days_aging +samba.tests.dns_aging.+test_A_5_days_AAAA_10_days_aging +samba.tests.dns_aging.+test_A_5_days_AAAA_5_days_aging +samba.tests.dns_aging.+test_A_5_days_A_5_days_aging +samba.tests.dns_aging.+test_A_9_days_AAAA_10_days_no_aging +samba.tests.dns_aging.+test_samba_scavenging diff --git a/selftest/knownfail.d/dns_packet b/selftest/knownfail.d/dns_packet new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/selftest/knownfail.d/dns_packet diff --git a/selftest/knownfail.d/durable-v2-delay b/selftest/knownfail.d/durable-v2-delay new file mode 100644 index 0000000..2a84749 --- /dev/null +++ b/selftest/knownfail.d/durable-v2-delay @@ -0,0 +1,2 @@ +# In the ad_dc env leases are disabled +^samba3.smb2.durable-v2-delay.durable_v2_reconnect_delay_msec\(ad_dc\) diff --git a/selftest/knownfail.d/empty-domain-name b/selftest/knownfail.d/empty-domain-name new file mode 100644 index 0000000..a1ffcaf --- /dev/null +++ b/selftest/knownfail.d/empty-domain-name @@ -0,0 +1,7 @@ +^samba3.blackbox.smbclient_auth.empty_domain.domain_creds.smbclient.*as.user.*nt4_member +^samba3.blackbox.smbclient_auth.empty_domain.domain_creds.smbclient.*as.user.*ad_member +^samba3.blackbox.smbclient_auth.dot_domain.domain_creds.smbclient.*as.user.*nt4_member +^samba3.blackbox.smbclient_auth.dot_domain.domain_creds.smbclient.*as.user.*ad_member +^samba3.blackbox.smbclient_auth.upn.domain_creds.smbclient.*as.*user.*nt4_member +^samba3.blackbox.smbclient_auth.upn.member_creds.smbclient.*as.*user.*nt4_member +^samba3.blackbox.smbclient_auth.upn.member_creds.smbclient.*as.*user.*ad_member diff --git a/selftest/knownfail.d/encrypted_secrets b/selftest/knownfail.d/encrypted_secrets new file mode 100644 index 0000000..e25a68d --- /dev/null +++ b/selftest/knownfail.d/encrypted_secrets @@ -0,0 +1,13 @@ +# The fl2000dc environment is provisioned with the --plaintext-secrets option +# running the ecnrypted secrets tests on it and expecting them to fail. +# verifies that: +# * --plaintext-secrets option correctly provisions a domain +# * the dsdb operational module correctly handles unencrypted secrets +# * secrets are not stored as encrypted text when this option is specified +^samba.tests.encrypted_secrets.samba.tests.encrypted_secrets.EncryptedSecretsTests.test_encrypted_secrets\(fl2000dc:local\) +^samba.tests.encrypted_secrets.samba.tests.encrypted_secrets.EncryptedSecretsTests.test_required_features\(fl2000dc:local\) +# +# The tests for bug 13563 https://bugzilla.samba.org/show_bug.cgi?id=13653 +# should fail in the mdb case, as sam.ldb is currently a tdb file. +# +^samba.tests.blackbox.bug13653.samba.tests.blackbox.bug13653.Bug13653Tests.test_mdb_scheme diff --git a/selftest/knownfail.d/getncchanges b/selftest/knownfail.d/getncchanges new file mode 100644 index 0000000..bda9b31 --- /dev/null +++ b/selftest/knownfail.d/getncchanges @@ -0,0 +1,8 @@ +# GET_TGT tests currently only work for testenvs that send the links at the +# same time as the source objects. Currently this is only the vampire_dc +samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt\(promoted_dc\) +samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_chain\(promoted_dc\) +samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_and_anc\(promoted_dc\) +samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_multivalued_links\(promoted_dc\) +# Samba chooses to always increment the USN for the NC root at the point where it would otherwise show up. +samba4.drs.getncchanges.python\(.*\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_nc_is_first_nc_change_only\( diff --git a/selftest/knownfail.d/initshutdown b/selftest/knownfail.d/initshutdown new file mode 100644 index 0000000..0e8d76a --- /dev/null +++ b/selftest/knownfail.d/initshutdown @@ -0,0 +1,3 @@ +# the initshutdown pipe is not provided by the AD DC +^samba3.rpc.initshutdown.initshutdown.InitEx\(ad_dc\) +^samba3.rpc.initshutdown.initshutdown.Init\(ad_dc\) diff --git a/selftest/knownfail.d/kdc-salt b/selftest/knownfail.d/kdc-salt new file mode 100644 index 0000000..a671e4d --- /dev/null +++ b/selftest/knownfail.d/kdc-salt @@ -0,0 +1 @@ +^samba.tests.krb5.salt_tests.samba.tests.krb5.salt_tests.SaltTests.test_salt_upn_at_realm_user diff --git a/selftest/knownfail.d/keytab b/selftest/knownfail.d/keytab new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/selftest/knownfail.d/keytab diff --git a/selftest/knownfail.d/kinit_trust b/selftest/knownfail.d/kinit_trust new file mode 100644 index 0000000..c4ac2ca --- /dev/null +++ b/selftest/knownfail.d/kinit_trust @@ -0,0 +1,2 @@ +^samba4.blackbox.kinit_trust.Test login with.*kerberos ccache \(smbclient4\)\(fl2008r2dc:local\) +^samba4.blackbox.kinit_trust.Test login with.* kerberos ccache \(smbclient4\)\(fl2003dc:local\) diff --git a/selftest/knownfail.d/krb5-no-preauth b/selftest/knownfail.d/krb5-no-preauth new file mode 100644 index 0000000..d6f20d0 --- /dev/null +++ b/selftest/knownfail.d/krb5-no-preauth @@ -0,0 +1,7 @@ +# +# MIT and Heimdal currently fails some as_req_no_preauth tests against FL 2003. It is unclear if we should care. +# +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_aes128_rc4.*fl2003dc +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_mac_aes128_rc4.*fl2003dc +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth.*aes.*rc4.*fl2003dc +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth.*rc4.*aes.*fl2003dc diff --git a/selftest/knownfail.d/labdc b/selftest/knownfail.d/labdc new file mode 100644 index 0000000..65eafd5 --- /dev/null +++ b/selftest/knownfail.d/labdc @@ -0,0 +1,5 @@ +# Because the lab-DC testenv scrubs all user info (apart from the Admin), +# we expect tests relying on other users' credentials to fail. +# These tests fail because they use testallowed and testdenied users. +^samba4.rpc.echo.testallowed.*labdc.* +^samba4.rpc.echo.testdenied.*labdc.* diff --git a/selftest/knownfail.d/ldap b/selftest/knownfail.d/ldap new file mode 100644 index 0000000..0331d36 --- /dev/null +++ b/selftest/knownfail.d/ldap @@ -0,0 +1,3 @@ +# the attributes too long test returns the wrong error +^samba4.ldap.python.+test_attribute_ranges_too_long +samba4.ldap.python\(ad_dc_default\).*__main__.BasicTests.test_ldapSearchNoAttributes diff --git a/selftest/knownfail.d/ldap_spn b/selftest/knownfail.d/ldap_spn new file mode 100644 index 0000000..63f9fe0 --- /dev/null +++ b/selftest/knownfail.d/ldap_spn @@ -0,0 +1 @@ +samba.tests.ldap_spn.+LdapSpnTest.test_spn_dodgy_spns diff --git a/selftest/knownfail.d/lm-hash-support-gone b/selftest/knownfail.d/lm-hash-support-gone new file mode 100644 index 0000000..cced585 --- /dev/null +++ b/selftest/knownfail.d/lm-hash-support-gone @@ -0,0 +1,8 @@ +^samba4.blackbox.smbclient .*LANMAN* +^samba.tests.ntlm_auth.samba.tests.ntlm_auth.NTLMAuthHelpersTests.test_diagnostics_lm\(ad_dc:local\) +^samba.tests.ntlm_auth.samba.tests.ntlm_auth.NTLMAuthHelpersTests.test_diagnostics_lm\(ad_member:local\) +^samba.tests.ntlm_auth.samba.tests.ntlm_auth.NTLMAuthHelpersTests.test_diagnostics_lm\(chgdcpass:local\) +^samba.tests.ntlm_auth.samba.tests.ntlm_auth.NTLMAuthHelpersTests.test_diagnostics_lm\(rodc:local\) +# These fail as they expect no LM support (compared with the _lm test test does) +^samba.tests.ntlm_auth.samba.tests.ntlm_auth.NTLMAuthHelpersTests.test_diagnostics\(nt4_dc:local\) +^samba.tests.ntlm_auth.samba.tests.ntlm_auth.NTLMAuthHelpersTests.test_diagnostics\(nt4_member:local\) diff --git a/selftest/knownfail.d/lzxpress b/selftest/knownfail.d/lzxpress new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/selftest/knownfail.d/lzxpress diff --git a/selftest/knownfail.d/modify-order b/selftest/knownfail.d/modify-order new file mode 100644 index 0000000..76d538e --- /dev/null +++ b/selftest/knownfail.d/modify-order @@ -0,0 +1,8 @@ +samba4.ldap_modify_order.python.+ModifyOrderTests.test_modify_order_account_locality_device +samba4.ldap_modify_order.python.+ModifyOrderTests.test_modify_order_container_flags_multivalue +samba4.ldap_modify_order.python.+ModifyOrderTests.test_modify_order_objectclass2 +samba4.ldap_modify_order.python.+ModifyOrderTests.test_modify_order_singlevalue +samba4.ldap_modify_order.normal_user.+ModifyOrderTests.test_modify_order_account_locality_device +samba4.ldap_modify_order.normal_user.+ModifyOrderTests.test_modify_order_container_flags[^_] +samba4.ldap_modify_order.normal_user.+ModifyOrderTests.test_modify_order_objectclass[^2] +samba4.ldap_modify_order.normal_user.+ModifyOrderTests.test_modify_order_objectclass2 diff --git a/selftest/knownfail.d/multichannel b/selftest/knownfail.d/multichannel new file mode 100644 index 0000000..6c91b55 --- /dev/null +++ b/selftest/knownfail.d/multichannel @@ -0,0 +1,7 @@ +^samba3.smb2.multichannel.oplocks.test2.nt4_dc # expects windows behavior => smb2 disable oplock break retry = yes +^samba3.smb2.multichannel.oplocks.test3_windows.nt4_dc # expects windows behavior => smb2 disable oplock break retry = yes +^samba3.smb2.multichannel.oplocks.test3_specification.ad_dc # expects samba (MS-SMB2) behavior +^samba3.smb2.multichannel.leases.test1.ad_dc # requires lease support +^samba3.smb2.multichannel.leases.test2.ad_dc # requires lease support +^samba3.smb2.multichannel.leases.test3.ad_dc # requires lease support +^samba3.smb2.multichannel.leases.test4.ad_dc # requires lease support diff --git a/selftest/knownfail.d/netlogon b/selftest/knownfail.d/netlogon new file mode 100644 index 0000000..b51bf88 --- /dev/null +++ b/selftest/knownfail.d/netlogon @@ -0,0 +1,4 @@ +# This test passes against Windows 2008R2, but not Samba as we +# keep a per-socket cache in addition to the name cache, which is +# not invalidated if the name-based global cache is used. +^samba4\.rpc\.netlogon.*\.netlogon\.ServerReqChallengeReuseGlobal3
\ No newline at end of file diff --git a/selftest/knownfail.d/nt-hash-support-gone b/selftest/knownfail.d/nt-hash-support-gone new file mode 100644 index 0000000..55ec47d --- /dev/null +++ b/selftest/knownfail.d/nt-hash-support-gone @@ -0,0 +1,9 @@ +^samba4.ldap.login_basics.python.ad_dc_no_ntlm..__main__.BasicUserAuthTests.test_login_basics_ntlm.ad_dc_no_ntlm +^samba4.ldap.passwords.python.ad_dc_no_ntlm..__main__.PasswordTests.test_old_password_rename_attempt_reuse_2.ad_dc_no_ntlm +^samba4.ldap.passwords.python.ad_dc_no_ntlm..__main__.PasswordTests.test_old_password_rename_simple_bind_2.ad_dc_no_ntlm +^samba4.ldap.passwords.python.fl2003dc..__main__.PasswordTests.test_old_password_attempt_reuse.fl2003dc +^samba4.ldap.passwords.python.fl2003dc..__main__.PasswordTests.test_old_password_rename_attempt_reuse.fl2003dc +^samba4.ldap.passwords.python.fl2003dc..__main__.PasswordTests.test_old_password_rename_attempt_reuse_2.fl2003dc +^samba4.ldap.passwords.python.fl2003dc..__main__.PasswordTests.test_old_password_rename_simple_bind.fl2003dc +^samba4.ldap.passwords.python.fl2003dc..__main__.PasswordTests.test_old_password_rename_simple_bind_2.fl2003dc +^samba4.ldap.passwords.python.fl2003dc..__main__.PasswordTests.test_old_password_simple_bind.fl2003dc diff --git a/selftest/knownfail.d/ntlmv1-restrictions b/selftest/knownfail.d/ntlmv1-restrictions new file mode 100644 index 0000000..c5e915a --- /dev/null +++ b/selftest/knownfail.d/ntlmv1-restrictions @@ -0,0 +1,5 @@ +# These tests should fail in these environments, as we restrict NTLMv1 +# in both of these, with vampire_dc however allowing MSCHAPv2 +samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(vampire_dc\) +samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExMSCHAPv2\(promoted_dc\) +samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(promoted_dc\) diff --git a/selftest/knownfail.d/ntlmv2-restrictions b/selftest/knownfail.d/ntlmv2-restrictions new file mode 100644 index 0000000..cc67df8 --- /dev/null +++ b/selftest/knownfail.d/ntlmv2-restrictions @@ -0,0 +1,2 @@ +# 'raw NTLMv2 auth' is not enabled on ad_member +^samba4.smb.signing disabled on with -k no --option=clientusespnego=no --client-protection=off domain-creds.xcopy\(ad_member\) diff --git a/selftest/knownfail.d/oneway b/selftest/knownfail.d/oneway new file mode 100644 index 0000000..4a182f0 --- /dev/null +++ b/selftest/knownfail.d/oneway @@ -0,0 +1,9 @@ +# One way trust, the first one is weird (smbclient4), the rest are logical +^samba4.blackbox.kinit_trust.Test login with user kerberos ccache \(smbclient4\)\(fl2000dc:local\) +^samba4.blackbox.kinit_trust.Test user login with the first outgoing secret\(fl2000dc:local\) +^samba4.blackbox.kinit_trust.Test user login with the changed outgoing secret\(fl2000dc:local\) +# More one-way trust +^samba4.blackbox.trust_utils\(fl2000dc:local\).validate trust default both\(fl2000dc:local\) +^samba4.blackbox.trust_utils\(fl2000dc:local\).validate trust reverse both\(fl2000dc:local\) +^samba4.blackbox.trust_utils\(fl2000dc:local\).validate trust reverse local\(fl2000dc:local\) +^samba4.blackbox.trust_utils\(fl2000dc:local\).namespaces own default\(fl2000dc:local\) diff --git a/selftest/knownfail.d/priv_attr b/selftest/knownfail.d/priv_attr new file mode 100644 index 0000000..5d3713e --- /dev/null +++ b/selftest/knownfail.d/priv_attr @@ -0,0 +1,13 @@ +# These priv_attrs tests would be good to fix, but are not fatal as +# the testsuite is run twice, once with and once without STRICT_CHECKING=0 +# +# These knownfails show that we can improve our error matching against Windows. +# +samba4.priv_attrs.strict.python\(.*\).__main__.PrivAttrsTests.test_priv_attr_sidHistory_add_CC_WP_computer +samba4.priv_attrs.strict.python\(.*\).__main__.PrivAttrsTests.test_priv_attr_sidHistory_add_CC_WP_user +samba4.priv_attrs.strict.python\(.*\).__main__.PrivAttrsTests.test_priv_attr_sidHistory_add_CC_default_computer +samba4.priv_attrs.strict.python\(.*\).__main__.PrivAttrsTests.test_priv_attr_sidHistory_add_CC_default_user +samba4.priv_attrs.strict.python\(.*\).__main__.PrivAttrsTests.test_priv_attr_sidHistory_add_admin-add_WP_computer +samba4.priv_attrs.strict.python\(.*\).__main__.PrivAttrsTests.test_priv_attr_sidHistory_add_admin-add_WP_user +samba4.priv_attrs.strict.python\(.*\).__main__.PrivAttrsTests.test_priv_attr_sidHistory_add_admin-add_default_computer +samba4.priv_attrs.strict.python\(.*\).__main__.PrivAttrsTests.test_priv_attr_sidHistory_add_admin-add_default_user diff --git a/selftest/knownfail.d/protected_users b/selftest/knownfail.d/protected_users new file mode 100644 index 0000000..1ada787 --- /dev/null +++ b/selftest/knownfail.d/protected_users @@ -0,0 +1,2 @@ +^samba4.ldap.password_lockout.python\(ad_dc_slowtests\).__main__.PasswordTestsWithoutSleep.test_samr_change_password_protected.ad_dc_slowtests +^samba4.ldap.password_lockout.python\(ad_dc_slowtests\).__main__.PasswordTestsWithoutSleep.test_samr_set_password_protected.ad_dc_slowtests diff --git a/selftest/knownfail.d/python-segfaults b/selftest/knownfail.d/python-segfaults new file mode 100644 index 0000000..d129dab --- /dev/null +++ b/selftest/knownfail.d/python-segfaults @@ -0,0 +1,3 @@ +samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__3 +samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_dnsp_string_list +samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_dns_record diff --git a/selftest/knownfail.d/quota1 b/selftest/knownfail.d/quota1 new file mode 100644 index 0000000..a36f325 --- /dev/null +++ b/selftest/knownfail.d/quota1 @@ -0,0 +1,2 @@ +# ntvfs returns NT_STATUS_NOT_SUPPORTED +^samba3.smbtorture_s3.plain.SMB2-QUOTA1.smbtorture\(ad_dc_ntvfs\) diff --git a/selftest/knownfail.d/replica_sync b/selftest/knownfail.d/replica_sync new file mode 100644 index 0000000..1ef77b0 --- /dev/null +++ b/selftest/knownfail.d/replica_sync @@ -0,0 +1,8 @@ +# Samba currently picks a different winner of object conflicts compared to Windows. +# Samba uses the version number whereas Windows always takes the most recent change +samba4.drs.replica_sync.python\(vampire_dc\).replica_sync.DrsReplicaSyncTestCase.test_ReplConflictsRenamedVsNewRemoteWin\(vampire_dc:local\) +samba4.drs.replica_sync.python\(promoted_dc\).replica_sync.DrsReplicaSyncTestCase.test_ReplConflictsRenamedVsNewRemoteWin\(promoted_dc:local\) +samba4.drs.replica_sync.python\(vampire_dc\).replica_sync.DrsReplicaSyncTestCase.test_ReplConflictsRenamedVsNewLocalWin\(vampire_dc:local\) +samba4.drs.replica_sync.python\(promoted_dc\).replica_sync.DrsReplicaSyncTestCase.test_ReplConflictsRenamedVsNewLocalWin\(promoted_dc:local\) +samba4.drs.replica_sync.python\(vampire_dc\).replica_sync.DrsReplicaSyncTestCase.test_ReplReanimationConflict\(vampire_dc:local\) +samba4.drs.replica_sync.python\(promoted_dc\).replica_sync.DrsReplicaSyncTestCase.test_ReplReanimationConflict\(promoted_dc:local\) diff --git a/selftest/knownfail.d/rpc-dfs b/selftest/knownfail.d/rpc-dfs new file mode 100644 index 0000000..8ab72ff --- /dev/null +++ b/selftest/knownfail.d/rpc-dfs @@ -0,0 +1,2 @@ +#_dfs_EnumEx() is not implemented on RPC server side +^samba3.blackbox.rpcclient_dfs.dfsenumex diff --git a/selftest/knownfail.d/rpc-netlogon-zerologon b/selftest/knownfail.d/rpc-netlogon-zerologon new file mode 100644 index 0000000..29d2e6e --- /dev/null +++ b/selftest/knownfail.d/rpc-netlogon-zerologon @@ -0,0 +1,4 @@ +# +# Due to differences in the way UTF-16 strings are handled by the source4 and +# source3 rpc servers, this test fails on the source3 rpc server +^samba3.rpc.netlogon.zerologon.netlogon.test_SetPassword2_maximum_length_password\(nt4_dc\) diff --git a/selftest/knownfail.d/rw-invalid b/selftest/knownfail.d/rw-invalid new file mode 100644 index 0000000..ac5fe57 --- /dev/null +++ b/selftest/knownfail.d/rw-invalid @@ -0,0 +1 @@ +samba4.smb2.rw.invalid.ad_dc_ntvfs diff --git a/selftest/knownfail.d/s3-logging b/selftest/knownfail.d/s3-logging new file mode 100644 index 0000000..76466dc --- /dev/null +++ b/selftest/knownfail.d/s3-logging @@ -0,0 +1 @@ +samba.tests.logfiles.*S3LoggingTests.test_all_different_ways_cmdline_d\b diff --git a/selftest/knownfail.d/s3-lsa-server b/selftest/knownfail.d/s3-lsa-server new file mode 100644 index 0000000..de1244f --- /dev/null +++ b/selftest/knownfail.d/s3-lsa-server @@ -0,0 +1 @@ +^samba4.blackbox.trust_ntlm.Test08.rpcclient.lookupnames.with.ADDOM.SAMBA.EXAMPLE.COM\(ad_member:local\) diff --git a/selftest/knownfail.d/samba-4.5-emulation b/selftest/knownfail.d/samba-4.5-emulation new file mode 100644 index 0000000..1fc7936 --- /dev/null +++ b/selftest/knownfail.d/samba-4.5-emulation @@ -0,0 +1,4 @@ +# This fails as there is no second DC in this enviroment, so it is always the owner +samba4.drs.getnc_exop.python\(chgdcpass\).getnc_exop.DrsReplicaSyncTestCase.test_FSMONotOwner\(chgdcpass\) +# This fails because GET_ANC is now poorly implemented (matching Samba 4.5) +^samba4.drs.getnc_exop.python\(chgdcpass\).getnc_exop.DrsReplicaSyncTestCase.test_link_utdv_hwm\(chgdcpass\) diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit new file mode 100644 index 0000000..6307e2b --- /dev/null +++ b/selftest/knownfail.d/samba3.vfs.fruit @@ -0,0 +1,2 @@ +^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\) +^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion without embedded xattr\(nt4_dc\) diff --git a/selftest/knownfail.d/sid-strings b/selftest/knownfail.d/sid-strings new file mode 100644 index 0000000..6953643 --- /dev/null +++ b/selftest/knownfail.d/sid-strings @@ -0,0 +1,3 @@ +^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_Aa.ad_dc +^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_aA.ad_dc +^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_aa.ad_dc diff --git a/selftest/knownfail.d/smb1-tests b/selftest/knownfail.d/smb1-tests new file mode 100644 index 0000000..b5263f2 --- /dev/null +++ b/selftest/knownfail.d/smb1-tests @@ -0,0 +1,52 @@ +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L.*\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L LOCALADMEMBER -I.*\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.noninteractive smbclient does not prompt\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.noninteractive smbclient -l does not prompt\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.interactive smbclient prompts on stdout\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.interactive smbclient -l prompts on stdout\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.creating a bad symlink and deleting it\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.Accessing an MS-DFS link\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.del on MS-DFS share\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.deltree on MS-DFS share\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.Ensure archive bit is set correctly on file/dir rename\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.ccache access works for smbclient\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.using an authentication file\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.list with backup privilege\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.list a share with bad names \(won't convert\)\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.list a share with a mangled name \+ acl_xattr object\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.server-side file copy\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.Ensure widelinks are restricted\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.stream_xattr attributes\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.follow symlinks = no\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient deltree command\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.server os message\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.test server quiet message\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.setmode test\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.utimes\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.rename_dotdot\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.volume\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.delete a non empty directory\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.Recursive ls across MS-DFS links\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.Hardlink on MS-DFS share\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.Rename on MS-DFS share\((ad_member|nt4_member)\) +^samba3.blackbox.smbclient_s3.*valid.users.nt4.* +^samba3.blackbox.smbclient_s3.NT1.*valid.users.* +^samba3.unix.whoami machine account.whoami\(ad_member:local\) +^samba3.unix.whoami.whoami\(nt4_member\) +^samba3.unix.whoami anonymous connection.whoami\(nt4_member\) +^samba3.unix.whoami.whoami\(ad_member\) +^samba3.unix.whoami kerberos connection.whoami\(ad_member\) +^samba3.unix.whoami anonymous connection.whoami\(ad_member\) +^samba3.unix.whoami ntlm user@realm.whoami\(ad_member\) +^samba4.smb.signing disabled on with -k no --client-protection=off domain-creds.xcopy\(ad_member\) +^samba4.smb.signing disabled on with -k no --option=gensec:spengo=no --client-protection=off domain-creds.xcopy\(ad_member\) +^samba4.smb.signing disabled on with -k yes --client-protection=off domain-creds.xcopy\(ad_member\) +^samba4.blackbox.smbclient\(ad_member:local\).Test login with --machine-pass without kerberos\(ad_member:local\) +^samba4.blackbox.smbclient\(ad_member:local\).Test login with --machine-pass and kerberos\(ad_member:local\) +^samba4.blackbox.smbclient\(chgdcpass:local\).Test login with --machine-pass without kerberos\(chgdcpass:local\) +^samba4.blackbox.smbclient\(chgdcpass:local\).Test login with --machine-pass and kerberos\(chgdcpass:local\) +^samba3.blackbox.smbclient_basic.NT1.smbclient as NT4SCHANNEL.*\(nt4_dc_schannel\) diff --git a/selftest/knownfail.d/smb2.replay b/selftest/knownfail.d/smb2.replay new file mode 100644 index 0000000..4cac807 --- /dev/null +++ b/selftest/knownfail.d/smb2.replay @@ -0,0 +1,29 @@ +# These tests demonstrate the broken Windows behavior +# and check for ACCESS_DENIED instead of FILE_NOT_AVAILABLE +# See https://bugzilla.samba.org/show_bug.cgi?id=14449 +^samba3.smb2.replay.dhv2-pending1n-vs-violation-lease-close-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending1n-vs-violation-lease-ack-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending1n-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending1n-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending1l-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending1l-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending1o-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending1o-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending2n-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending2n-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending2l-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending2l-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending2o-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending2o-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending3n-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending3n-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending3l-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending3l-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending3o-vs-oplock-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending3o-vs-lease-windows.nt4_dc +^samba3.smb2.replay.dhv2-pending1n-vs-oplock-windows.ad_dc +^samba3.smb2.replay.dhv2-pending1o-vs-oplock-windows.ad_dc +^samba3.smb2.replay.dhv2-pending2n-vs-oplock-windows.ad_dc +^samba3.smb2.replay.dhv2-pending2o-vs-oplock-windows.ad_dc +^samba3.smb2.replay.dhv2-pending3n-vs-oplock-windows.ad_dc +^samba3.smb2.replay.dhv2-pending3o-vs-oplock-windows.ad_dc diff --git a/selftest/knownfail.d/smb2.session b/selftest/knownfail.d/smb2.session new file mode 100644 index 0000000..a85fb37 --- /dev/null +++ b/selftest/knownfail.d/smb2.session @@ -0,0 +1,4 @@ +# These tests fail with INVALID_PARAMETER as +# we required the same client guid for session binds +^samba3.smb2.session.*.bind_negative_smb3signCtoHd +^samba3.smb2.session.*.bind_negative_smb3signHtoCd diff --git a/selftest/knownfail.d/smbcacls b/selftest/knownfail.d/smbcacls new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/selftest/knownfail.d/smbcacls diff --git a/selftest/knownfail.d/smbclient-smb3 b/selftest/knownfail.d/smbclient-smb3 new file mode 100644 index 0000000..119e93e --- /dev/null +++ b/selftest/knownfail.d/smbclient-smb3 @@ -0,0 +1,5 @@ +^samba3.blackbox.smbclient_s3.SMB3.*.creating.a.bad.symlink.and.deleting.it +^samba3.blackbox.acl_xattr.SMB3.nt_affects_posix +^samba3.blackbox.acl_xattr.SMB3.nt_affects_chown +^samba3.blackbox.acl_xattr.SMB3.nt_affects_chgrp +^samba3.blackbox.inherit_owner.*.SMB3.*unix.owner diff --git a/selftest/knownfail.d/source3-epmapper b/selftest/knownfail.d/source3-epmapper new file mode 100644 index 0000000..0a731ec --- /dev/null +++ b/selftest/knownfail.d/source3-epmapper @@ -0,0 +1,2 @@ +^samba3.rpc.epmapper\ over\ ncalrpc.epmapper.Map_full\(nt4_dc:local\) +^samba3.rpc.epmapper\ over\ ncalrpc.epmapper.Insert_noreplace\(nt4_dc:local\) diff --git a/selftest/knownfail.d/srvsvc b/selftest/knownfail.d/srvsvc new file mode 100644 index 0000000..63444c8 --- /dev/null +++ b/selftest/knownfail.d/srvsvc @@ -0,0 +1,24 @@ +# Except where noted these are missing RPCs with just give a simple +# fault (mapped to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetShareGetInfo\(ad_member\) +# Level 501 is supported in the s3 srvsrv server +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetShareEnum\(ad_member\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetTransportEnum\(ad_member\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetShareEnumAll\(ad_member\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetCharDevQEnum\(ad_member\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetCharDevEnum\(ad_member\) +^samba3.rpc.srvsvc.srvsvc anonymous access.NetShareGetInfo\(ad_member\) +^samba3.rpc.srvsvc.srvsvc anonymous access.NetShareEnum\(ad_member\) +^samba3.rpc.srvsvc.srvsvc anonymous access.NetShareEnumAll\(ad_member\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetShareGetInfo\(ad_dc\) +# Level 501 is supported in the s3 srvsrv server +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetShareEnum\(ad_dc\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetTransportEnum\(ad_dc\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetShareEnumAll\(ad_dc\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetCharDevQEnum\(ad_dc\) +^samba3.rpc.srvsvc.srvsvc \(admin access\).NetCharDevEnum\(ad_dc\) +# These should be fixed by setting 'restrict anonymous = 2' by default +# per https://bugzilla.samba.org/show_bug.cgi?id=12775 +^samba3.rpc.srvsvc.srvsvc anonymous access.NetShareGetInfo\(ad_dc\) +^samba3.rpc.srvsvc.srvsvc anonymous access.NetShareEnum\(ad_dc\) +^samba3.rpc.srvsvc.srvsvc anonymous access.NetShareEnumAll\(ad_dc\) diff --git a/selftest/knownfail.d/uac_objectclass_restrict b/selftest/knownfail.d/uac_objectclass_restrict new file mode 100644 index 0000000..a9ed5e8 --- /dev/null +++ b/selftest/knownfail.d/uac_objectclass_restrict @@ -0,0 +1,17 @@ +# Knownfail entries due to restricting the creation of computer/user +# accounts (in terms of userAccountControl) that do not match the objectclass +# +# All these tests need to be fixed and the entries here removed + +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-DC_add_CC_WP_user\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-DC_add_CC_default_user\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-a2d-user_add_CC_WP_computer\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-a2d-user_add_CC_default_computer\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-a2d-user_mod-del-add_CC_default_computer\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-a2d-user_mod-replace_CC_default_computer\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-t4d-user_add_CC_WP_computer\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-t4d-user_add_CC_default_computer\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-t4d-user_mod-del-add_CC_default_computer\(ad_dc_default\) +^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-t4d-user_mod-replace_CC_default_computer\(ad_dc_default\) +^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_add_computer_sd_cc\(ad_dc_default\) +^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_mod_computer_cc\(ad_dc_default\) diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling new file mode 100644 index 0000000..bcbedb4 --- /dev/null +++ b/selftest/knownfail.d/upn_handling @@ -0,0 +1,8 @@ +^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member +^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member +^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc +^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc diff --git a/selftest/knownfail.d/usage b/selftest/knownfail.d/usage new file mode 100644 index 0000000..b8e0bbc --- /dev/null +++ b/selftest/knownfail.d/usage @@ -0,0 +1,35 @@ +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_autobuild_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_compare_cc_results_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_config_base.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_ctdb_etcd_lock.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_depfilter_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_dns_hub_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_gen_hresult_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_repl_cleartext_pwd_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_run_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_run_py_.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_smbstatus.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_tests_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_tests_py_.none. +samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_waf.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_chgtdcpass.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_findprovisionusnranges.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_machineaccountpw.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_rebuildextendeddn.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_renamedc.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_repl_cleartext_pwd_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_rodcdns.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_gpupdate.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_gpupdate_.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_kcc.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_kcc_.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_spnupdate.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_spnupdate_.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_upgradedns.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_upgradedns_.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_upgradeprovision.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_samba_upgradeprovision_.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_smbstatus.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_test_s3_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_test_s4_howto_py.none. +samba.tests.usage.samba.tests.usage.PythonScriptUsageTests.test_traffic_learner.none. diff --git a/selftest/knownfail.d/vlv b/selftest/knownfail.d/vlv new file mode 100644 index 0000000..7ae02ba --- /dev/null +++ b/selftest/knownfail.d/vlv @@ -0,0 +1,2 @@ +samba4.ldap.vlv.python.*__main__.VLVTests.test_vlv_change_search_expr +samba4.ldap.vlv.python.*__main__.PagedResultsTestsRW.test_paged_cant_change_controls_data diff --git a/selftest/knownfail.d/wkssvc b/selftest/knownfail.d/wkssvc new file mode 100644 index 0000000..37a0e67 --- /dev/null +++ b/selftest/knownfail.d/wkssvc @@ -0,0 +1,25 @@ +# We do not have a full implementation of wkssvc in source3, but we +# have something worth testing +samba3.rpc.wkssvc.wkssvc.NetrMessageBufferSend\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrWorkstationStatisticsGet\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrGetJoinableOus2\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrGetJoinableOus\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrGetJoinInformation\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrUnjoinDomain\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrJoinDomain\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrEnumerateComputerNames\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrAddAlternateComputerName\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrRemoveAlternateComputerName\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrLogonDomainNameAdd\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrLogonDomainNameDel\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrValidateName2\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrValidateName\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrUseAdd\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrUseEnum\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrUseGetInfo\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrUseDel\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrWkstaUserGetInfo\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrWkstaTransportAdd\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetrWkstaTransportDel\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetWkstaTransportEnum\(ad_member\) +samba3.rpc.wkssvc.wkssvc.NetWkstaGetInfo\(ad_member\) diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc new file mode 100644 index 0000000..4ae27ea --- /dev/null +++ b/selftest/knownfail_heimdal_kdc @@ -0,0 +1,56 @@ +# +# We expect all the MIT specific compatability tests to fail on heimdal +# kerberos +^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_ +# +# Heimdal currently fails the following MS-KILE client principal lookup +# tests +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c +# +# FAST tests +# +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_hide_client_names.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_armor_enc_pa_rep.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_enc_pa_rep.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_enc_pa_rep.ad_dc +# +# S4U tests +# +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_bronze_bit_rbcd_old_checksum +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_existing_delegation_info +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_missing_client_checksum +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_a +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_b +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_unkeyed_client_checksum +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_unkeyed_service_checksum +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_zeroed_client_checksum +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_zeroed_service_checksum +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_forwardable +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_not_trusted_empty_allowed +# +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_auth_data_required +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_auth_data_required +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_no_auth_data_required_a +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_no_auth_data_required_b +# +# https://bugzilla.samba.org/show_bug.cgi?id=14886: Tests for accounts not revealed to the RODC +# +# The KDC should not accept tickets from an RODC for accounts not in the msDS-RevealedUsers list. +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_not_revealed +# +# Protected Users tests +# +# This test fails, which is fine, as we have an alternate test that considers a policy error as successful. +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_proxiable_as_protected.ad_dc +# +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_samr_change_password_protected.ad_dc diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc new file mode 100644 index 0000000..93ff633 --- /dev/null +++ b/selftest/knownfail_mit_kdc @@ -0,0 +1,2044 @@ +# +# We expect all the heimdal specific compatability tests to fail on MIT +# kerberos +^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_heimdal_ +# +# Currently MOST but not quite all the Canonicalization tests fail on the +# MIT KDC +# +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_RemoveDollar\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_UpperUserName_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm_UPN\( +samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_RemoveDollar_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_RemoveDollar_AsReqSelf\( +# +# MIT currently returns an error code of 12 KRB5KDC_ERR_POLICY: KDC policy rejects request, to the +# following tests +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\) +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\) +# +# KDC TGS PAC tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_service_no_auth_data_required\(ad_dc\) +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac\(ad_dc\) +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_client_no_auth_data_required\(ad_dc\) +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_service_no_auth_data_required\(ad_dc\) +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_request_no_pac\(ad_dc\) +# +# MIT currently fails the following MS-KILE tests. +# +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3 +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_4 +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_5 +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_1 +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_2 +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_3 +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c +^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c +# +# MIT currently fails some as_req_no_preauth tests. +# +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_aes128_rc4.*fl2003dc +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_mac_aes128_rc4.*fl2003dc +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth.*aes.*rc4.*fl2003dc +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth.*rc4.*aes.*fl2003dc +# Differences in our KDC compared to windows +# +^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally +# +# fl2000dc doesn't support AES +^samba4.krb5.kdc.*as-req-aes.*fl2000dc +# +# FAST tests +# +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_ad_fx_fast_armor.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_ad_fx_fast_armor_ticket.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_authdata_fast_not_used.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_enc_timestamp.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge_clock_skew.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge_no_fast.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge_wrong_key.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge_wrong_key_kdc.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_invalid_checksum_tgt.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_invalid_tgt.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_invalid_tgt_mach.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_armor.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_outer_no_sname.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_no_sname.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_no_sname.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_armor_enc_pa_rep.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_armor_session_key.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_enc_pa_rep.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_sname.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_no_auth_data.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_no_sname.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_enc_pa_rep.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_sname.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_inner_no_sname.ad_dc +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_inner_no_sname.ad_dc +# +# PAC tests +# +^samba4.blackbox.pkinit_pac.STEP1 remote.pac verification.ad_dc:local +^samba4.blackbox.pkinit_pac.netr-bdc-aes.verify-sig-aes.ad_dc:local +^samba4.blackbox.pkinit_pac.netr-mem-aes.s4u2proxy-aes.ad_dc:local +^samba4.blackbox.pkinit_pac.netr-mem-aes.verify-sig-aes.ad_dc:local +^samba4.blackbox.pkinit_pac.netr-mem-arcfour.s4u2proxy-arcfour.ad_dc:local +^samba4.blackbox.pkinit_pac.netr-mem-arcfour.verify-sig-arcfour.ad_dc:local +^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2008r2dc +^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2008r2dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2008r2dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2008r2dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2008r2dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2008r2dc +# +# Alias tests +# +^samba.tests.krb5.alias_tests.samba.tests.krb5.alias_tests.AliasTests.test_create_alias_delete +^samba.tests.krb5.alias_tests.samba.tests.krb5.alias_tests.AliasTests.test_create_alias_rename +^samba.tests.krb5.alias_tests.samba.tests.krb5.alias_tests.AliasTests.test_dc_alias_delete +^samba.tests.krb5.alias_tests.samba.tests.krb5.alias_tests.AliasTests.test_dc_alias_rename +# +# KDC TGT tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_authdata_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_pac_request_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_pac_request_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_pac_request_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_rc4.ad_dc +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_req +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_req_invalid +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_rodc_allowed_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_rodc_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_rodc_no_krbtgt_link +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_rodc_no_partial_secrets +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_rodc_not_allowed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_rodc_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_rodc_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_service_ticket +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_authdata_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_pac_request_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_req +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_allowed_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_no_krbtgt_link +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_no_partial_secrets +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_not_allowed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_service_ticket +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_allowed_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_no_krbtgt_link +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_no_partial_secrets +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_not_allowed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_authdata_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rename +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_allowed_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_no_krbtgt_link +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_no_partial_secrets +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_not_allowed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_sname +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rc4.ad_dc +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_req_invalid +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_allowed_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_no_krbtgt_link +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_no_partial_secrets +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_not_allowed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_tgt_cname_host +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname_krbtgt +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_srealm +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_authdata_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_pac_request_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_req +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_allowed_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_denied +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_no_krbtgt_link +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_no_partial_secrets +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_not_allowed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_not_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_revealed +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_service_ticket +# +# PAC attributes tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_missing_renew_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_missing_renew_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_missing_rodc_renew_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_missing_rodc_renew_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_missing_rodc_renew_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_renew_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_renew_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_pac_attrs_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_pac_attrs_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_from_rodc_no_pac_attrs +# +# PAC request tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_pac_request_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_pac_request_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_pac_request_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_pac_request_true +# +# PAC requester SID tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_from_rodc_no_requester_sid +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_rodc_renew +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_rodc_validate +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_rodc_renew +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_rodc_validate +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_existing +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_nonexisting +# +# Protected Users tests +# +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_proxiable_as_protected_policy_error.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_mac_protected_aes256_preauth.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_mac_protected_rc4_preauth.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_protected_aes256_preauth.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_protected_rc4_preauth.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_samr_change_password_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_mac_not_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_mac_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_not_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_mac_not_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_mac_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_not_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_protected.ad_dc +^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_protected_nested.ad_dc +# +# Kpasswd tests +# +^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_canonicalize_realm_case.ad_dc +^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_no_canonicalize_realm_case.ad_dc +^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_ticket_requester_sid_tgs.ad_dc +# +# Lockout tests +# +^samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_bad_pwd_count_transaction_kdc.ad_dc:local +^samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_bad_pwd_count_transaction_rename_kdc.ad_dc:local +^samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_lockout_race_kdc.ad_dc:local +^samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_lockout_transaction_bad_pwd_kdc.ad_dc:local +^samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_lockout_transaction_kdc.ad_dc:local +^samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_lockout_transaction_rename_kdc.ad_dc:local +^samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_logon_kdc.ad_dc:local +# +# Encryption type tests +# +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_aes_supported_aes_requested.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_aes_supported_aes_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_aes_supported_aes_session_aes_requested.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_aes_supported_aes_session_aes_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_aes_supported_aes_session_rc4_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_aes_supported_rc4_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_rc4_supported_aes_session_aes_requested.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_rc4_supported_aes_session_aes_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_rc4_supported_aes_session_rc4_requested.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_rc4_supported_aes_session_rc4_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_rc4_supported_rc4_requested.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_as_rc4_supported_rc4_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10000_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10004_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10010_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10020_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x10_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x14_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x18_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x1C_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x20_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x38_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x3C_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x4_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x8_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0xC_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_23_18_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_23_18_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_17_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_17_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_23_17_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_23_17_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_23_requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_23_requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18__requested_dc_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18__requested_member_account_stored_rc4_only.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_tgs_aes_supported_aes_session_rc4_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_tgs_aes_supported_rc4_requested.promoted_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_tgs_rc4_supported_aes_session_aes_requested.ad_dc +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_tgs_rc4_supported_aes_session_aes_requested.promoted_dc +# +# KDC compatibility +# +^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_full_signature.ad_dc +^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_full_signature.fl2003dc +# +# S4U tests +# +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_authentication_asserted_identity.fl2003dc:local +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_rc4_client_checksum.fl2003dc:local +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_service_asserted_identity.fl2003dc:local +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_asserted_identity.fl2003dc:local +# +# etype tests +# +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x0_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10000_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10004_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10010_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10020_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x10_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x14_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x18_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x1C_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x20_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x24_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x28_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x2C_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x30_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x34_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x38_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x3C_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x4_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0x8_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_0xC_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_17_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_23_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_17_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_18_17_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_18_requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23__requested_dc_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_as_None_supported_23__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x0_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x24_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_23_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x28_supported_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x2C_supported_18__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_23_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x30_supported_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_0x34_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_23_18_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_17__requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_17_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_23_17_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18_23_requested_member_account_stored_aes_rc4 +^samba.tests.krb5.etype_tests.samba.tests.krb5.etype_tests.EtypeTests.test_etype_tgs_None_supported_18__requested_member_account_stored_aes_rc4 diff --git a/selftest/knownfail_mit_kdc_1_20 b/selftest/knownfail_mit_kdc_1_20 new file mode 100644 index 0000000..4a47ab9 --- /dev/null +++ b/selftest/knownfail_mit_kdc_1_20 @@ -0,0 +1,9 @@ +^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_pre_1_20_ticket_signature +# +# FAST tests +# https://github.com/krb5/krb5/pull/1225#issuecomment-996418770 +# +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge_as_req_self\( +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self\( +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_pac_request_none\( +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_pac_request_true\( diff --git a/selftest/knownfail_mit_kdc_pre_1_20 b/selftest/knownfail_mit_kdc_pre_1_20 new file mode 100644 index 0000000..a32ae4c --- /dev/null +++ b/selftest/knownfail_mit_kdc_pre_1_20 @@ -0,0 +1,196 @@ +# +# MIT KDC +# +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_NetbiosRealm\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_UPN\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_AsReqSelf\( +^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_AsReqSelf\( +# +# KDC AS REQ tests +# +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_spn(?!_) +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_spn_realm +# +# KDC COMPATABLITY +# +samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_ticket_signature +# +# KDC TGS PAC tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_client_no_auth_data_required\(ad_dc\) +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_client_no_auth_data_required\(ad_dc\) +# +# KDC TGT tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_authdata_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_no_pac +# +# PAC tests +# +^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2008r2dc +^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2008r2dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2008r2dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2000dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2003dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2008dc +^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2008r2dc +# +# PAC attributes tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_req(?!_invalid) +# +# PAC request tests +# +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_pac_request_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_pac_request_true +# +# S4U tests +# +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_bronze_bit_constrained_delegation_old_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_bronze_bit_rbcd_old_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_existing_delegation_info\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_missing_client_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_missing_service_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_auth_data_required\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_client_pac\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_service_pac\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_service_pac_no_auth_data_required\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_pac_options_rbcd\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_unkeyed_client_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_unkeyed_service_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_zeroed_client_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_zeroed_service_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_missing_client_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_missing_service_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_a\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_b\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_no_auth_data_required_a\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_no_auth_data_required_b\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_service_pac\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_service_pac_no_auth_data_required\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_unkeyed_client_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_zeroed_client_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_client_not_delegated\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_crc32_unkeyed_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_forwardable\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_hmac_md5_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_md5_unkeyed_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_no_auth_data_required\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_no_pac\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_not_forwardable\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_not_trusted_empty_allowed\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_not_trusted_nonempty_allowed\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_sha1_unkeyed_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_trusted_empty_allowed\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_trusted_nonempty_allowed\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_without_forwardable\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_wrong_sname\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_existing_delegation_info\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_auth_data_required\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_unkeyed_service_checksum\( +^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_zeroed_service_checksum\( diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.cer b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.cer Binary files differnew file mode 100644 index 0000000..15001a3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.pem new file mode 100644 index 0000000..2e2a8b9 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.pem @@ -0,0 +1,191 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:29:25 2016 GMT + Not After : Mar 11 23:29:25 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addc.addom.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a6:c4:a9:bf:75:ea:4c:8d:3b:fd:8a:0f:b0:a2: + b6:c7:a8:1f:e4:0e:3e:41:ef:d6:10:48:77:7b:4e: + 4c:59:e1:bf:6d:c7:18:7b:a8:01:a7:d5:d2:2c:21: + 3e:d0:1a:da:58:03:e8:42:f1:53:0e:a7:91:b9:2c: + b9:e7:7a:c9:de:5e:ed:4c:93:6b:cc:dd:17:d0:c7: + d1:f1:7c:3d:0d:6f:df:5d:53:5a:b1:1f:a3:7b:5b: + 41:65:0c:7c:ea:53:df:bb:da:41:15:da:49:e3:b9: + 2d:bb:b5:af:ef:8c:b8:84:74:d0:18:16:8e:5c:e4: + c2:e7:a1:87:8f:e3:87:8b:0b:bb:90:30:e8:e0:f3: + eb:c0:50:5f:b5:7f:54:9a:1b:34:43:fd:be:5a:80: + 6e:0f:63:a2:b3:79:42:4a:85:c8:07:c7:82:55:23: + 88:d4:4e:03:2f:f1:95:bd:ed:15:2d:3e:16:cd:ff: + c7:9b:03:29:36:a6:5d:c9:1a:1e:89:a5:ba:66:83: + 0f:96:a8:07:9f:24:b9:1b:8f:02:9a:b8:50:29:8b: + be:63:45:fa:45:c3:38:23:a0:98:3a:b4:6b:42:99: + 13:36:4b:84:ef:27:89:39:34:79:f8:67:16:7b:9c: + 2a:03:41:15:63:46:e4:db:2f:f2:3e:6d:fe:7c:20: + 1e:9f:02:48:a4:bc:15:42:a6:f8:38:86:dc:6b:7c: + 4e:67:a3:31:81:8e:b6:30:1a:eb:3d:08:25:19:5f: + 42:dc:39:ec:79:1d:30:0a:fb:16:8f:3d:19:14:cc: + f5:af:d7:c6:75:cf:b3:96:a2:b2:9b:d9:03:01:a3: + ca:88:1d:72:ed:6f:d1:bf:57:56:8e:b9:07:9b:b9: + 04:13:1e:0b:5a:06:6b:2b:43:a2:dc:d5:b7:f4:ba: + d3:ae:9d:ad:fd:d3:8a:7c:2f:87:32:fa:89:88:58: + 00:ae:16:2b:9c:1d:58:82:4d:e5:21:da:d5:6c:f7: + a8:40:8b:c7:02:d5:36:30:ef:3f:09:9b:a6:d2:31: + a3:bf:20:d4:a2:9e:26:c4:b4:c3:0f:0b:6c:00:d1: + 2c:16:b1:2a:eb:06:d9:d5:98:c3:cd:cb:20:68:ad: + 0a:2c:a1:2f:27:41:5c:91:de:49:62:ed:d8:3a:ef: + 68:1c:6d:fe:94:c3:28:68:32:60:08:65:cd:02:9f: + 97:96:2f:0f:87:27:3d:b9:0f:85:62:e8:2b:9a:b4: + f4:d3:d7:c1:93:96:27:23:29:88:b1:39:99:53:3a: + 20:aa:88:44:3b:4a:24:2a:8b:e0:b4:8d:dd:66:30: + df:a6:6e:b7:fc:21:43:16:9e:3e:12:20:c8:7a:30: + c1:3d:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate addc.addom.samba.example.com + X509v3 Subject Key Identifier: + 3D:BC:70:0C:74:D4:B8:85:49:1D:08:84:C4:1B:27:F2:AF:72:37:D3 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:addc.addom.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 9e:8b:bb:0a:7a:dc:c0:94:33:bc:18:a5:e6:4a:1f:ff:8e:21: + b1:8f:33:f0:3e:8b:6c:72:55:c4:47:71:5f:ce:e7:31:ef:5b: + 62:04:b7:57:8f:a8:27:9f:ed:69:d2:ec:a8:0d:e2:76:33:8d: + 41:3a:67:61:5c:53:60:c7:53:ed:d7:99:72:29:1d:ae:d3:ee: + c9:76:1c:6d:18:47:e9:94:dd:2e:97:3f:99:af:b5:f4:a1:7c: + 92:f6:4d:b5:c1:7a:0c:38:ba:d1:b6:19:9a:9f:e2:02:84:d4: + 54:01:38:7b:55:86:4a:ee:3d:85:48:01:da:34:09:69:43:25: + 7e:6e:06:73:e0:b9:7c:b5:9c:4e:9c:b5:52:85:32:62:62:25: + 39:fa:02:4b:51:2e:df:8e:52:17:02:50:f4:99:29:bf:7e:97: + 53:91:12:85:9a:69:62:45:59:c4:5b:3f:af:18:e6:7b:e4:86: + 5d:f1:9e:5a:2b:3e:14:6e:7e:d4:47:24:ef:d9:a8:ec:d9:a6: + cb:b8:4f:1a:86:d9:43:20:41:16:15:5f:81:0d:fe:6b:31:53: + c1:f6:84:4c:f3:03:64:d2:e6:44:3d:7a:60:79:d7:37:6f:33: + de:c0:a8:b9:6e:fe:b2:79:ac:b4:53:92:b8:0a:59:2b:cc:6b: + 37:c4:6f:c6:44:02:f7:7c:c5:c6:a6:6f:c2:ad:de:78:1e:48: + 96:cc:fe:59:2e:53:ce:34:d6:e8:f0:56:43:30:32:90:6f:f9: + 47:76:ab:99:63:e3:e8:a3:f3:83:98:e9:05:2b:ea:f9:f9:9d: + 66:70:c7:2c:00:c2:9e:57:3e:31:43:50:50:c8:db:a8:2d:21: + 4e:6f:39:c2:bd:ef:d8:47:99:27:0d:48:b2:58:f1:be:45:bd: + fe:c4:a2:56:fc:06:02:dc:19:33:85:53:ed:38:59:01:16:bc: + aa:c5:d3:4b:37:54:83:1b:e5:c1:4b:dd:34:6b:e5:d8:35:86: + 95:e6:9f:d2:22:84:b1:e2:4f:a7:2e:4d:e6:9c:eb:db:df:42: + e1:b4:66:e6:58:d3:28:10:34:97:f3:9c:6b:5f:05:2c:47:2c: + e3:75:eb:6f:74:0a:ec:d7:1d:30:80:56:44:12:26:f6:4e:5f: + ff:92:f4:62:02:36:9c:62:eb:39:98:53:68:68:95:fb:94:68: + 69:b8:3c:66:1a:ce:78:c4:cf:c4:6f:21:ac:a8:a6:f4:ab:69: + 2a:2e:00:5d:f7:67:06:b1:4f:97:58:88:55:d8:6e:eb:a5:98: + 50:36:21:70:3d:b0:a4:f5:3b:21:b3:1c:f5:a9:dd:c6:4a:c2: + 89:b8:5a:b3:bc:1f:21:ce:4c:68:5f:98:d8:39:70:d2:7e:a0: + 90:df:ad:a3:13:eb:3c:93:f6:b8:f4:d9:a7:51:b3:0d:ea:ee: + d4:57:aa:db:ca:7c:8a:a0:08:c3:98:9a:3a:b7:ba:2a:50:92: + 26:c2:e3:11:ba:12:60:24:b9:59:df:62:a8:d7:4d:a3:cb:ea: + 46:e8:39:f9:83:14:a8:5c:44:75:71:6b:7f:99:bd:68:58:d9: + 6b:d1:cd:c7:45:95:9e:44:1e:85:35:c0:30:2b:18:aa:eb:2f: + 93:d5:be:66:5d:70:ed:1d:04:f2:c1:1e:b5:ec:45:0c:04:f6: + 9d:88:d3:0c:20:5e:5b:23:df:34:a1:f5:ea:b4:a1:44:c0:da: + d5:ea:89:e8:b5:cb:dc:f8:92:ee:ac:8d:61:ed:bf:74:2b:28: + 79:1f:f4:9a:ff:63:bd:e6:aa:79:1d:2c:26:4a:b2:26:53:57: + ba:88:0e:eb:19:57:c0:10:a0:1e:81:2a:c0:56:2e:c3:2a:81: + bf:c1:5a:e7:48:ce:c1:6a:b9:6c:41:cc:44:a6:b8:70:e2:57: + 0e:6d:41:d6:61:da:bf:ac:20:2c:a7:2a:67:23:98:00:ba:ce: + 8b:a8:c2:45:66:a7:08:eb:7f:0a:b5:e7:9b:d6:f4:07:d5:b3: + 43:cd:27:d4:fa:c9:40:8f:af:b2:36:1c:e7:44:b4:4e:cc:5a: + 2b:73:ad:8f:c4:d9:47:a6:fb:2c:7d:1a:80:2a:55:b3:80:34: + 6f:8e:17:27:93:05:21:40:e9:8f:bf:47:6a:52:f5:2e:b5:18: + d1:8c:1d:83:04:80:55:fd:21:28:dc:7c:be:c8:c1:5f:e4:40: + d3:13:e4:66:bf:ad:92:4e:9b:db:c1:be:a3:42:74:da:c3:2c: + 0a:da:3f:94:14:ad:7e:de:81:c6:01:6a:f7:7a:b4:25:51:b0: + ab:cd:b3:3a:77:bf:c3:6b:04:44:30:73:41:ad:93:49:67:ee: + 43:d1:96:8e:36:83:2b:1b:6c:e7:cc:3e:d6:16:b9:88:4a:ab: + 56:c0:76:00:f6:9a:6a:8a:e3:e0:41:75:9d:3b:47:0f:c9:0a: + 8e:9f:9c:00:92:bb:ae:d8:42:56:35:64:eb:59:13:da:2c:63: + 83:c3:ec:68:91:b5:f3:71:85:48:54:c3:9d:a1:c8:63:f3:de: + 5d:a5:34:a9:1e:85:2c:2c:b5:d8:a9:62:8d:26:1f:b2:9e:a7: + 83:4d:df:69:63:b5:b7:e5:dd:e7:3b:18:e5:b3:77:df:c5:47: + b3:f7:8c:e7:5e:87:2e:46:e3:8f:b1:2b:9b:c6:26:2d:1a:28: + 30:13:10:86:5b:46:87:b1:2d:12:ce:b6:fe:1c:4e:44 +-----BEGIN CERTIFICATE----- +MIIJ9DCCBdygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI5MjVaFw0zNjAzMTEyMzI5MjVaMIG4MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSUwIwYDVQQDDBxhZGRjLmFkZG9tLnNhbWJh +LmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1iYS5leGFtcGxlLmNv +bUBzYW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAKbEqb916kyNO/2KD7CitseoH+QOPkHv1hBId3tOTFnhv23HGHuoAafV0iwh +PtAa2lgD6ELxUw6nkbksued6yd5e7UyTa8zdF9DH0fF8PQ1v311TWrEfo3tbQWUM +fOpT37vaQRXaSeO5Lbu1r++MuIR00BgWjlzkwuehh4/jh4sLu5Aw6ODz68BQX7V/ +VJobNEP9vlqAbg9jorN5QkqFyAfHglUjiNROAy/xlb3tFS0+Fs3/x5sDKTamXcka +HomlumaDD5aoB58kuRuPApq4UCmLvmNF+kXDOCOgmDq0a0KZEzZLhO8niTk0efhn +FnucKgNBFWNG5Nsv8j5t/nwgHp8CSKS8FUKm+DiG3Gt8TmejMYGOtjAa6z0IJRlf +Qtw57HkdMAr7Fo89GRTM9a/XxnXPs5aispvZAwGjyogdcu1v0b9XVo65B5u5BBMe +C1oGaytDotzVt/S6066drf3TinwvhzL6iYhYAK4WK5wdWIJN5SHa1Wz3qECLxwLV +NjDvPwmbptIxo78g1KKeJsS0ww8LbADRLBaxKusG2dWYw83LIGitCiyhLydBXJHe +SWLt2DrvaBxt/pTDKGgyYAhlzQKfl5YvD4cnPbkPhWLoK5q09NPXwZOWJyMpiLE5 +mVM6IKqIRDtKJCqL4LSN3WYw36Zut/whQxaePhIgyHowwT2rAgMBAAGjggH3MIIB +8zAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEu +ZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEG +CWCGSAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwSQYJYIZIAYb4QgENBDwWOkRv +bWFpbiBDb250cm9sbGVyIENlcnRpZmljYXRlIGFkZGMuYWRkb20uc2FtYmEuZXhh +bXBsZS5jb20wHQYDVR0OBBYEFD28cAx01LiFSR0IhMQbJ/KvcjfTMB8GA1UdIwQY +MBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MEAGA1UdEQQ5MDeCHGFkZGMuYWRkb20u +c2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoECAEjRWeJq83vMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNVHSUEHzAdBggrBgEFBQcD +AgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggQBAJ6Luwp63MCU +M7wYpeZKH/+OIbGPM/A+i2xyVcRHcV/O5zHvW2IEt1ePqCef7WnS7KgN4nYzjUE6 +Z2FcU2DHU+3XmXIpHa7T7sl2HG0YR+mU3S6XP5mvtfShfJL2TbXBegw4utG2GZqf +4gKE1FQBOHtVhkruPYVIAdo0CWlDJX5uBnPguXy1nE6ctVKFMmJiJTn6AktRLt+O +UhcCUPSZKb9+l1OREoWaaWJFWcRbP68Y5nvkhl3xnlorPhRuftRHJO/ZqOzZpsu4 +TxqG2UMgQRYVX4EN/msxU8H2hEzzA2TS5kQ9emB51zdvM97AqLlu/rJ5rLRTkrgK +WSvMazfEb8ZEAvd8xcamb8Kt3ngeSJbM/lkuU8401ujwVkMwMpBv+Ud2q5lj4+ij +84OY6QUr6vn5nWZwxywAwp5XPjFDUFDI26gtIU5vOcK979hHmScNSLJY8b5Fvf7E +olb8BgLcGTOFU+04WQEWvKrF00s3VIMb5cFL3TRr5dg1hpXmn9IihLHiT6cuTeac +69vfQuG0ZuZY0ygQNJfznGtfBSxHLON16290CuzXHTCAVkQSJvZOX/+S9GICNpxi +6zmYU2holfuUaGm4PGYaznjEz8RvIayopvSraSouAF33ZwaxT5dYiFXYbuulmFA2 +IXA9sKT1OyGzHPWp3cZKwom4WrO8HyHOTGhfmNg5cNJ+oJDfraMT6zyT9rj02adR +sw3q7tRXqtvKfIqgCMOYmjq3uipQkibC4xG6EmAkuVnfYqjXTaPL6kboOfmDFKhc +RHVxa3+ZvWhY2WvRzcdFlZ5EHoU1wDArGKrrL5PVvmZdcO0dBPLBHrXsRQwE9p2I +0wwgXlsj3zSh9eq0oUTA2tXqiei1y9z4ku6sjWHtv3QrKHkf9Jr/Y73mqnkdLCZK +siZTV7qIDusZV8AQoB6BKsBWLsMqgb/BWudIzsFquWxBzESmuHDiVw5tQdZh2r+s +ICynKmcjmAC6zouowkVmpwjrfwq155vW9AfVs0PNJ9T6yUCPr7I2HOdEtE7MWitz +rY/E2Uem+yx9GoAqVbOANG+OFyeTBSFA6Y+/R2pS9S61GNGMHYMEgFX9ISjcfL7I +wV/kQNMT5Ga/rZJOm9vBvqNCdNrDLAraP5QUrX7egcYBavd6tCVRsKvNszp3v8Nr +BEQwc0Gtk0ln7kPRlo42gysbbOfMPtYWuYhKq1bAdgD2mmqK4+BBdZ07Rw/JCo6f +nACSu67YQlY1ZOtZE9osY4PD7GiRtfNxhUhUw52hyGPz3l2lNKkehSwstdipYo0m +H7Kep4NN32ljtbfl3ec7GOWzd9/FR7P3jOdehy5G44+xK5vGJi0aKDATEIZbRoex +LRLOtv4cTkQ= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-key.pem new file mode 100644 index 0000000..6f11ced --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIpUlK4cdzu/UCAggA +MBQGCCqGSIb3DQMHBAju3WkqK++BQgSCCUit3hNjGErKHafSn7CLnhKlNTzvtaAv +PwTStReWMNULMJ6Z1Rhm0jO8x5BBStEHy3A4h1GmWNSyIzOhZqGi3K2SqpBa9+TP +SSYzeNKCsv/06QeQ3GTJJF2GTKLw8I2tZOJnNy5wYprGDuz92AAncj645C8xBYb/ +RgN1YyHh3B2tkPlOVZZU8z8hH9iaDwKiXfY0+EgVDSCj1pHWKEzGzhx4UtyKhCc5 +1J4fyPA+8SzJ0tRAohLHdrm9KIn/tawbbS6Ce8iwLBad6A4k73WgYW4ZawMA+n1X +OIhyCR/dfIlPRPcojyN4c2O5uPmGCDErt6awUY7LyctZPRAUBbk83i69HbRvK/kq +JuyhTIWUbhVpvt6HZxCC0cFBy7tlSeOL3LXlu1JoWAEqCVm8vHQPs3WTwTTrShHP +kauortTdLstddxqPwWKmUcSLcviK+IfD54y3fJGYMr5goLdXCGfb7XZQoXANIYKP +di/jXOn6PTjKdC7/J8G0UZmRmjEvxp5CBPiNqr07YJUfu7IN4KxEKRf/aDyJ1npw +JEaMFiBvFx0Vr5nm7trQ43TdkuHbn7MY6nkPMbzC8a8KcKFGbnU/n6TIyeGYo2o5 +2ICW3QmXjzhrWiDzU+cEbSEs77UAQJNrSxRVuKKuwLEnuy6/pRhlxex6Hp6nNCOd +dTZKDeqHsntRa6zTuOleh+XOMHeSuHjhJdThxEszHPFsYzH/EtE8TaKiBQE9kecy +M+nbxfMqRTYitsl8wTPiuoTgrzDjUJcAAsS/jDNYUA63NCG2BT9Gq9qY48DwfWGM +YPMYj6CfRwsyAPSeC7hV31olnGAp15kBhM2TpxE6KqUnGuxL0ET9LJsHjaRsP+r1 +KMjNmibQSy948LIvHhEtdfg5/Jn5jv6JHmmSBktma4C+MUfQKBinzy6MM1IAaZlZ +hUdL14VnERFh9OGLjZGBOBlk/9FU2Yf4lfAtLgT95GezlYQIOqpG/Pkm04wH71+W +bfW+53gBQqcaSexM5QFsqRspq7yyLX0mElG6z5gOmEJN3rV+DZ2d+84dxKQ5rX++ ++mLYlfQKe1K/1F8HVXH/1ZMeAkzvxk1Odlm6fhwcTHciX3CSESAtJeLSD3PNgSE1 +f0Lep/CteZecOnM63T454jC4V49qXYgQBD32WuOHIbFhHd/lQ5Zj+3T5LgKlE5H3 +5oTUU/+DFgqFrwHlM5f1Ha9G8rjuHucjHyQ7ix7jNjEIoG82It8ESisIOoOwb3bc +Jjkfj3v7f5Axi0wyD94KLFntBCI64uhyTk+JuvagA2KnLQ5uWEFRgqhMXRNg3kbI +STOAopjoB2bnIvQZxQ8hxOT67EjKd7iJJXh2zfBAQ7dvnVKznvdSamTcB/Uh3IQR +RjOZE3ej3lEb4XCM2NCyqZvFgoU+Og4yg+4yainCE+6Jt1jYNvms2iabxC+ZQZ3t +/vCgVDvnULX5FJvphGK/Idua5FFIeSNLOoK9qjfrBNL9kdFVMWCyMyK0cIdsZFRp +2at32a9n8OU1rRYgFn8kaWK4JQqKelm1qVCixcHLUtI/cyp+t7vvjOGRnDrbfoK0 +ae+pt0De0aBsOMKmUetn3CXFXIyQa/FJ3W8X7yl82ctS3ZZmWcND0Lqhoa1JADdj +vbxxGzh1rJPsuPePwIXAVqtbVJD84i+dP0+i1oR/e5jNgRKj0tJcfZnnsvmSIldY +FvxDpIX2h/tDrTKfwQzFHBBuPA00ZuGfftGc4LD7SOVjVb6CF2GMX/0+zmKlPf56 +FvxvGl+GwLPz/BaSGlT/4DApF0HJEZ1AeSvzHGhdgWecbk4s/lMAnv17vH2YWql1 +uJ54FgDAT0ufzAb0aHAl3YO8pYDOOXGqHaqWRMJvtuh15FB52HYvt+Ojo2mzPu4j +lvUcOBRMzgPl8zcs0L/WgE0SggC6DpXGU+rK1/J91qlNRBJ664R6j0iyskPvdzYN +aJ8ZZSJ+yQPralfSD/Sd+RcRviP2draINoyVbFHSH2zvvhcZc0ETL24tNI/tSXpR +Cw86CajiN7T691pC3eZyQLSQJnMSY/0F0i12KU3J+1kq6eeMSoPc5EKItfH5wxjw +RPnJAU84HGIQEAhEn6Ht1XaZcMfo9xyr9WMpmyH4OoTLt1+gFGgSCfbjsusl9aNl +EDhcYmav8OFHE48qvEoYyHD7S3fwsxKFSCJpYTRweBRQaEzpq1z90tVxzhLZFpJe +A7sw/HpiOuty0hDHQ5JaiRBsQ+CiOsVdWZXzaI/H0aoaPbLbpursuTPPPG5OFqvL +WIIDfFYZ9rhy8t/YaAeTyFoLx1VU7m88ZZndyaVXhnqp7iaU14NXlelPeyKJ3ZXc +pd6gZ4l1XAJHbeyiBx+6khtZb6JTLbYpwfbjTqPmDtNw2PVb5rwF0ZSeP6LXKOEM ++WntayDMbWK67yUCBlkPTpY4k+8nV8pJ+th9sR8LlL7d9rZgbSjmxG8XgjC7HHg+ +4I2O7poGQMVgtMeIsGZRIS0cTpm1dpCRfFQPR0DOB6+wjDRPIRNNiTZQYdkpfHQ1 +QSpCskaWG9HzJQGSu+meN4LdaKEoXwNMMz77fCTWhXXkvy6Ujm44EpOOfaHXpg7T +AQagXzyII0xXj+rAFkqmnyygWgxpou6f3MkoWxIC/qYocC4Ci3oWMAZVssWfnhoP +T/ZormTZN3uQCZYtfwTjbjh5efFQc4I9THxkHV6eyhGE7MQO/D/5zjBzkwmNsU6b +GttZyyHto+oKlXMF9dNKxLkQbtVO8ZDIDuNP+sb/m7wj3GG2MNoklp6Cd7lckimv +PqkQP7PQa8h6EeFXmTKqi7vfgsQAEIzTfOLJDvfHhLC54pjbFPR8vY0T5Y2Dwe8w +rMPwFenW1ae6DjeGDHij3+QbQmTYZeu8Hblhs5DNhy7wtZX05IUsioVfJLC9QngN +Y5u7OuMGQLPdcPjWHBuZsl/lMdii1lOB/PrExrEIsybSGPQonDfK6x1pOeyIJsbr +fDnevcamxLpG6BU8U7AqE1QHa/sJGNO/lgsHGLrb5A2id1J+VttSxSG09sML49uw +T+vmgdVbVjsYRvMSjMfwRrVp4NARlXph5FUA2DxAKXvr1reicAleVgQDcokAHhLi +vGZ34XFIZHB+YZvHxd3tZxLcKvAMZQJTPlO6RdD9cx+84DEfevaJilUjyu6Ga4ty +HjA= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-openssl.cnf new file mode 100644 index 0000000..bdd0364 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-openssl.cnf @@ -0,0 +1,250 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Domain Controllers + +commonName = Common Name (eg, YOUR name) +commonName_default = addc.addom.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = ca-samba.example.com@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_mskdc ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a domain controller certificate. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +nsCertType = server + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Domain Controller Certificate addc.addom.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=@dc_subjalt + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for our domain controller certs +# serverAuth - says cert can be used to identify an ssl/tls server +# msKDC - says cert can be used to identify a Kerberos Domain Controller. +extendedKeyUsage = clientAuth,serverAuth,msKDC + +[dc_subjalt] +DNS=addc.addom.samba.example.com +otherName=msADGUID;FORMAT:HEX,OCTETSTRING:0123456789ABCDEF diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private-key.pem new file mode 100644 index 0000000..eec21e4 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private-key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEApsSpv3XqTI07/YoPsKK2x6gf5A4+Qe/WEEh3e05MWeG/bccY +e6gBp9XSLCE+0BraWAPoQvFTDqeRuSy553rJ3l7tTJNrzN0X0MfR8Xw9DW/fXVNa +sR+je1tBZQx86lPfu9pBFdpJ47ktu7Wv74y4hHTQGBaOXOTC56GHj+OHiwu7kDDo +4PPrwFBftX9Umhs0Q/2+WoBuD2Ois3lCSoXIB8eCVSOI1E4DL/GVve0VLT4Wzf/H +mwMpNqZdyRoeiaW6ZoMPlqgHnyS5G48CmrhQKYu+Y0X6RcM4I6CYOrRrQpkTNkuE +7yeJOTR5+GcWe5wqA0EVY0bk2y/yPm3+fCAenwJIpLwVQqb4OIbca3xOZ6MxgY62 +MBrrPQglGV9C3DnseR0wCvsWjz0ZFMz1r9fGdc+zlqKym9kDAaPKiB1y7W/Rv1dW +jrkHm7kEEx4LWgZrK0Oi3NW39LrTrp2t/dOKfC+HMvqJiFgArhYrnB1Ygk3lIdrV +bPeoQIvHAtU2MO8/CZum0jGjvyDUop4mxLTDDwtsANEsFrEq6wbZ1ZjDzcsgaK0K +LKEvJ0Fckd5JYu3YOu9oHG3+lMMoaDJgCGXNAp+Xli8Phyc9uQ+FYugrmrT009fB +k5YnIymIsTmZUzogqohEO0okKovgtI3dZjDfpm63/CFDFp4+EiDIejDBPasCAwEA +AQKCAgAloAU0PyRHdS3tu/JiRbO7RAE98MC3G6dOMStT1IyBUt9foyWw8Gy/Mwyi +DDYhuY09glQqlkvI6KGGB8NBqIBW/U/IkRInPFKdNhf1xbP4jh707VNu1taJhEMy +yyh7rcSym0FH7uHw0NyylwFEqJkQuVIhvSUNbEdU/yqYmhsAkfsVQxOnfSDZWMjf +KAUsZ6rZFCyYOpWaPz58A4WjTp+csbSEBOpgC+HINVc1bIH0nSeD/otIO+RWgh5y +usPdBlkRu8wOj4Z4r05cG13ZDnB3jyG7QBSBHNRTpW3zALWaZvLgsxUg5+ib0W0b +UBbQeKE57rsmlN4ZXa3ny+U4l/6QQDSMtrWPNBCMrkt1Q/52gQk1IGeONUAQdLQT +uBx0Vdn5ZvIFRBnkQl2KWOBWTdD2v0qxIHhXlsWX7tGVU7eh3GIAPoFzQZFHpPhA +RObE8fNg/3HMVGDUwXnd4k+6c1t+Ioa17FuLJE4lr5c55Klq2lJ4Oq2Jd6AfoGjv +anA45ChI6lrg2Kt7OhUEHIIHyZmm7eNmBHoGA3r+YJyiQQIGSiNjH+Up54KWa88z +p+ZY1u3VdOiNuKVlRn79q85Th4HyMlx7wuY+t8HAj42Vt03Uy7iDaaTfuPxehMyS +MqcRWR5MhavR5ShTtsIXwvUgWj/YcqaOb9Zfe2Y1RgFURKN3YQKCAQEA0I1hTnGs +KE5l9dGowKm2io6pZr8J2B8ITjp8pdAaY46Ws1tfcTkbbpBUvyrflCIgLIP9KTP3 +6cc4HrK11mf8rPD1pHNWJd7CjPTLQFMYu+h8YlBqKwrgA8owLzUWG4omS0vehCnG +6OIPi8ceUc2u6XW+TGKP4n8GXJrrKaw9hw83u6h9YQCpgfwF4QpwX8LzTMKnI7te +HxUQFlhKX3vci+dP4n29c6yGl57830E7LeQGRfjo/NAV3pAAcHk79cEzOJQCN1Wy +bNU2kcoOA3tGTI8tCfBdwpN11Sz2/tu4ytJE2weP5S7r9xOTq8t+iKQ9+NLhAvJU +8S2mIkyFAi8tWQKCAQEAzLWsJ3qxyaLHv4tOFTqenSj0CbB25OIzDQNLT++L4fYn +YAqL6/G83bRVbdYvfJ3ZdZdnseluGrR8ZcxdqioLCws66+O1vC8GkHI5aBKZt4MD +Um+SzD6ZnARYcTbtRmPUJHxIdny2dbYLe5dDlqTFIV+olWDR+1YMSzXt/VW+jx9I +tHhw8LJAxhMhDt0Gh+CxNFHQYdkdK/OuNTBufT/rxeT3E5t3TbSG29pU/F2Rce1G +CCy0nbFsTMjPusSzwFJILWHdvBAYJceOajvqZhlaTV11u/qrj9gb+nJkH+rKvJnA +pK2YyFWqomnGCZB61Y5LOfjk2b1BfVGCdqpRrBCOowKCAQBun3/NB1jlbGiDEvor +cBpmtrO+z3jeTd+u9zElFxTYWEsxyjb/LOaTKDX7zTcZMVzVoBGKaImJVOY8yljP +6QrLhWkXGSLKJbYW5MZnUWyeR/yqfbNDL5qSCA61C7i1VPtpF05p1msvHrJWV4GK +rMqqBY2yoNlnsC9ksbwpt7ZPTNAoV4BiEuLXEyLfMxVWhmdeASZ9Oqb7X8XPxHd2 +3JGpGEJ0hnQWxp4CERBbMBO/DOQS+6xCZfIjw0ioYHZgrmGIEmJ2jZt+RT6T6JS0 +XhB1DcE7M2fYjTWEpTxDBbOoyg5CDGnUjKYXwiejieaNfmls8hbu5DIQWEF2khY/ +iVzJAoIBAENOiGgCo2oUp3CHMQkx2Oz7hiGZb74Z0Yc5yg1iSa/l61Rco1zUgrCy +llQi1EI49EMBoQqSIa2OIkimRTWp1S+wZZMhr6NMIvBjXhSl6Py5iuIT5URaYM83 +bozq7mDyedH1Oy4aGzPgwy3DsmlZi6dJeHiE+QWWaTxhYvqksp8EPjd4UkoRkdKO +f5QPgBI1Ao6dR9KkPD8zQ9ghMHLmDXNnsQU1XKij7qNiygagDS5UQW52pHwk1eL5 +M7PI8QEPDMQ/JVSsRgRF9MFhKdSgCVzemdNQvA/zkl9qNRl5bWdNdlWu7kkQQaZc ++Mw0QO7udjV9bGFbJKk7n5W8slXMq9kCggEAJ2yzyZKdQZtuXpf6WN6sNqRJ6CHo +k9en+acEg9Y+5lVt2CRblprQxhdUV2KyN7G8GxV0hMwmHtMTeB4j6jhdZrAAZGVW +upqCfY2vSYQ/svCeB0Fs5DMEI4iCS5Drn8gKKi/zWAbox9sb+zaYT/Ot5p2Ki/HH +YIh+p8EE6IFWE3jChabPQieXVOC7tg/qaxWVHTv7Qe2fdZTY3XifTcN7hVghf/bH +Vn+VdU2u/7hE7X3y9YNETNSin5U3F0BSm1tUQimUzU50+9Nl2UGPBI39e+15qRz7 +JHocpq9h9+k3T7qWwJxX74YhcTqdb1pGsKUEmo7r6rPR4L5h5nCF3OgR9g== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private.p12 b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private.p12 Binary files differnew file mode 100644 index 0000000..994cba3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-req.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-req.pem new file mode 100644 index 0000000..5b356fa --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-req.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFEjCCAvoCAQAwgcwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +GzAZBgNVBAsMEkRvbWFpbiBDb250cm9sbGVyczElMCMGA1UEAwwcYWRkYy5hZGRv +bS5zYW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJARYmY2Etc2FtYmEuZXhh +bXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCmxKm/depMjTv9ig+worbHqB/kDj5B79YQSHd7TkxZ4b9txxh7 +qAGn1dIsIT7QGtpYA+hC8VMOp5G5LLnnesneXu1Mk2vM3RfQx9HxfD0Nb99dU1qx +H6N7W0FlDHzqU9+72kEV2knjuS27ta/vjLiEdNAYFo5c5MLnoYeP44eLC7uQMOjg +8+vAUF+1f1SaGzRD/b5agG4PY6KzeUJKhcgHx4JVI4jUTgMv8ZW97RUtPhbN/8eb +Ayk2pl3JGh6Jpbpmgw+WqAefJLkbjwKauFApi75jRfpFwzgjoJg6tGtCmRM2S4Tv +J4k5NHn4ZxZ7nCoDQRVjRuTbL/I+bf58IB6fAkikvBVCpvg4htxrfE5nozGBjrYw +Gus9CCUZX0LcOex5HTAK+xaPPRkUzPWv18Z1z7OWorKb2QMBo8qIHXLtb9G/V1aO +uQebuQQTHgtaBmsrQ6Lc1bf0utOuna3904p8L4cy+omIWACuFiucHViCTeUh2tVs +96hAi8cC1TYw7z8Jm6bSMaO/INSinibEtMMPC2wA0SwWsSrrBtnVmMPNyyBorQos +oS8nQVyR3kli7dg672gcbf6UwyhoMmAIZc0Cn5eWLw+HJz25D4Vi6CuatPTT18GT +licjKYixOZlTOiCqiEQ7SiQqi+C0jd1mMN+mbrf8IUMWnj4SIMh6MME9qwIDAQAB +oAAwDQYJKoZIhvcNAQELBQADggIBADLgdZz1gvzpnZPwd5KCxjwKgiotlUGBh6t6 +cLhyomCN02adMr0PPJP/n3r1Zsaq2db/zktP8J5fUYqA9vJZzYukzkKRHbl+rdHS +JVEvHmbsG3729V9cy40kuL0EAM0weBbfQZaeFxfcLxl5v14QOxvldrmYSK5GaLh8 +WSEz4uljrI8ee3q8Cn08xlZ2Dr3MoHI9unEcLJFXkpCwVBALFhw5dG8od3jl8AyS +WeMVbdD9fm4jnHE/RDSPDqUqMCGIYmrB5amGO5rSLDTWxDxrcHFRM7sa359nW2IA +GoZd+r8Vf2AZ8i/KRgH7uIFB2BJm4L0QiVlajy3odW3zhQIVXNh9p58aGzOFQGkq +Gsld4WI3gZZeSvGgGIjoB2+AYRjxTzUn5qSFVev5sFLK3cNdPZo66xltuPBhfXB/ +v/+/TQC80oZ8oZGdgYvBBT1IEg4pwB5Myqeps9J7kbJVmtxR2EGlq/aGN0yE/fy9 +S8ners0iXBJP18suSwbjj2unZQMBYLIgHLkzztxAMGYBlfEljSAvDfFCsK5Rkmya +soxd1qHHMG8Ap+WZagpkK9tv42HwmbYKVeDArGAHr53aC4ripgrSBnzpmkiSyi4p +mb3L5K/ZSOxo3xrS0wERq3p6FalF8/AhctgzWOgMvikVoTUy0xPsG/hulXPyk2UG +rYn+WPQz +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-cert.pem new file mode 120000 index 0000000..43b4b51 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-cert.pem @@ -0,0 +1 @@ +DC-addc.addom.samba.example.com-S02-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-private-key.pem new file mode 120000 index 0000000..3170fe7 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-private-key.pem @@ -0,0 +1 @@ +DC-addc.addom.samba.example.com-S02-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer Binary files differnew file mode 100644 index 0000000..f68d26d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem new file mode 100644 index 0000000..6b25079 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-cert.pem @@ -0,0 +1,191 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:30:28 2020 GMT + Not After : Feb 23 13:30:28 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:de:fe:5d:7a:30:99:bb:1e:11:56:ac:b0:d4:01: + 50:30:83:e1:71:0f:aa:3e:1a:b4:f7:9d:ea:93:69: + fc:be:51:19:4c:37:f7:a3:b3:3c:90:13:62:63:14: + 9d:b8:54:66:17:65:4a:67:8e:ce:96:7f:4d:c2:c6: + 6e:fd:3c:ae:bb:e2:5b:6c:ee:51:7b:db:37:17:94: + 99:02:3a:2f:a9:cb:d0:23:29:b7:43:33:08:fc:3f: + 15:3b:ed:3c:eb:69:5b:95:45:18:1e:85:5e:aa:31: + b6:3e:18:c8:2f:3a:48:2d:cc:c6:69:28:b6:5c:ac: + 24:03:b1:83:e8:e6:96:a7:06:6d:fe:73:13:04:d2: + 18:0f:d4:72:f7:88:22:40:5b:ab:68:a4:89:e2:3d: + c0:ca:e5:a7:ae:b6:f8:ea:8a:8c:39:9c:6d:1b:89: + ab:72:2c:04:27:40:7e:f5:d3:3f:5d:d8:0d:71:67: + 65:1d:e3:3d:65:b0:97:7f:14:ad:92:43:2f:3f:04: + ab:1e:31:52:07:7f:df:48:ac:9a:c0:28:d1:ab:eb: + f2:79:b3:d2:44:5f:e8:2d:92:d7:d8:be:03:fe:db: + 55:2b:4b:f8:9c:b4:ce:02:78:07:72:0f:d5:32:cd: + 01:1e:3d:b2:6e:25:29:fa:09:49:49:ab:ed:dc:2b: + 10:c5:3d:19:3c:c4:1e:da:ee:95:c2:ff:f8:50:b4: + f7:47:9a:a4:7d:1c:9a:8d:77:da:b6:a2:e6:4f:cd: + 80:b9:b1:f2:1d:dc:90:60:37:6f:39:5e:a6:03:e2: + 8b:44:d7:a4:45:fd:7e:4f:43:14:f0:68:0d:e6:84: + 8f:21:20:53:f6:b4:67:bd:fc:5d:f4:48:2a:95:1d: + 7d:79:ba:a1:ee:b8:f0:83:83:7f:ab:b1:eb:38:4e: + 3c:4b:8a:93:80:15:63:4c:43:1d:81:4b:c1:e6:d5: + b0:9f:6c:49:9d:04:92:66:6c:9f:7c:d3:62:50:72: + fc:77:65:87:39:d9:d0:ef:5e:53:49:32:4a:d3:1b: + 4a:88:45:f0:0f:a2:5e:33:29:bd:ab:3d:6b:3d:23: + bc:c6:9c:9d:98:9c:9d:8d:cc:32:3e:e1:8c:98:19: + 1c:44:ee:17:43:b3:b0:47:a5:fe:15:49:aa:5a:b7: + 76:43:4c:df:9a:e8:33:3d:52:e8:6c:2c:dd:3e:d8: + a9:e9:2d:36:c2:3a:43:75:b2:bc:d5:bd:81:8b:fc: + 63:37:61:88:24:bb:76:35:19:00:44:7a:3e:30:a8: + 9e:8f:df:74:14:09:0b:f5:8b:c9:b0:ed:be:d0:cf: + c0:7f:61:41:07:f8:6c:7d:0a:05:96:4f:6e:5f:cc: + 40:f3:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate addcsmb1.addom2.samba.example.com + X509v3 Subject Key Identifier: + 5B:85:11:27:BF:F7:A6:2B:8F:51:93:D8:29:4E:0E:A2:67:AA:9D:80 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:addcsmb1.addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 73:de:7a:35:bc:15:ac:32:44:5b:98:60:64:12:af:ea:42:46: + 7d:fb:b2:88:b3:47:61:c3:0b:6d:d1:68:92:3d:44:cd:37:86: + da:10:d2:18:db:19:29:03:31:1a:26:cd:70:d1:ec:13:ac:59: + 84:cd:be:9f:2b:c6:2d:10:aa:4b:4d:78:39:d3:6b:e1:4d:e8: + 10:a0:3e:97:d3:1c:19:11:e4:0f:26:7f:96:d7:26:17:23:02: + d9:4b:47:0c:af:c7:ef:28:ae:1c:28:e5:d2:7a:61:46:70:3b: + 49:5e:d0:65:54:4c:ae:14:27:c0:e4:17:41:2c:1a:42:0d:86: + 6c:37:48:65:80:02:21:b3:2b:1f:4f:34:a5:ce:7b:b0:fe:06: + a6:fe:c5:1b:ca:e5:e6:7e:d5:dc:01:d2:50:c4:f8:5e:73:6c: + 2c:56:81:d0:a4:73:bf:82:cb:d8:76:ca:7e:44:99:3a:5f:a9: + 97:89:a8:5c:5b:1b:38:0d:4d:cb:02:49:69:82:13:68:a6:be: + 4b:a3:57:a6:a6:e3:f0:dc:ad:1c:30:00:bf:ed:15:ca:c3:3d: + 5c:7b:dc:6d:e6:cb:bb:bc:a1:22:e7:32:95:e0:0f:6a:ab:40: + 0c:43:ed:f3:98:63:7c:2f:15:63:49:4e:5c:82:65:13:f2:53: + 26:d7:4c:c6:f8:7e:fa:bc:a8:22:44:f1:fb:a6:bb:27:64:ec: + 94:28:19:4a:af:09:7e:01:8e:9d:3e:43:e5:79:fd:16:ed:24: + b4:ab:58:02:e2:9e:f8:a1:b0:45:25:6d:2f:be:bb:88:90:c7: + d8:45:31:48:65:26:33:86:cc:46:69:53:6b:f1:d6:35:df:b1: + 39:ed:81:e1:23:f1:01:de:99:10:11:f0:3f:4d:5d:d3:8a:0c: + 44:78:f6:27:4a:32:1d:ab:0c:63:d0:71:25:62:67:f5:0c:7e: + 2c:7c:a4:ec:8d:de:00:6d:5f:69:5d:bf:e6:c7:59:75:87:5e: + 2c:12:dc:a5:1b:dd:c1:7a:c9:56:63:6a:3b:c6:9a:b7:fc:15: + 01:53:4d:c8:ca:c7:c8:81:50:a0:65:43:33:fb:aa:55:64:a0: + c3:2e:e2:f9:08:64:e5:75:ab:98:b3:38:ba:8d:53:e8:08:47: + ef:cf:a9:f2:16:25:1b:20:78:2d:6f:f5:83:ee:35:d4:b5:c5: + d6:d7:81:17:bf:9c:45:43:d1:88:74:22:1a:32:b2:45:73:a2: + 28:d4:da:ff:85:f9:75:1c:4f:84:6a:a5:1a:41:eb:8b:e0:1d: + 49:69:07:2f:5b:5e:e3:7b:00:f8:4b:67:5b:42:d7:51:de:1c: + 18:89:2f:f8:36:e7:b5:a3:6c:39:e3:88:dc:5d:7f:2f:d9:52: + b6:6b:9c:e9:1d:df:d0:18:68:25:70:7e:71:fb:b3:40:28:75: + e9:24:38:6f:70:5b:1a:f9:bf:e9:43:bd:4b:51:e3:df:e3:25: + 11:ae:30:4e:7e:55:58:43:b3:65:05:11:2d:0e:a4:3c:b8:8a: + 0c:f9:93:ab:27:28:c0:b2:17:76:52:9b:18:82:b7:fd:a6:4f: + 6e:a1:74:2b:19:59:ac:b1:d8:5e:fb:f3:69:37:16:59:01:4c: + fa:a9:57:52:04:d4:45:8f:10:08:8a:ab:88:aa:96:46:9a:aa: + 94:b5:c6:bf:e9:9e:9a:cd:40:f3:2a:ed:23:ff:a6:f7:9b:18: + 02:d9:ab:76:96:ac:15:6f:04:5d:92:d2:49:4c:4b:62:da:3d: + 2a:a4:59:22:1a:75:cd:6e:fb:62:50:da:ae:9d:28:7d:4d:32: + 2f:d8:cd:37:67:f9:1d:c1:d5:76:40:ba:34:f6:8c:92:5b:c0: + 65:f6:3c:90:6c:5b:67:09:0d:d3:14:90:38:03:82:06:c3:b7: + 85:74:7f:15:f4:5b:de:66:5f:71:a9:f1:ed:15:9b:a0:72:ee: + 05:d7:b3:92:30:65:2e:82:90:21:fe:f0:07:34:11:d3:87:41: + f4:35:04:0c:b4:28:f5:73:b8:d5:0e:e3:2a:53:ab:9a:3f:4d: + 59:f9:18:68:f0:31:90:1d:d6:25:c6:8b:33:e8:dc:06:93:7b: + cb:01:de:8b:1e:87:5a:26:a0:0d:5e:f6:6a:36:43:54:53:6d: + 87:10:ca:a8:15:1a:4a:37:95:a5:67:93:74:ba:c3:59:9b:f8: + b5:ab:10:98:fc:ff:d6:d2:61:17:5d:90:7e:b1:2a:16:ec:d5: + da:80:67:02:13:41:d7:bc:a2:af:0b:54:08:b3:2e:1b:05:50: + 80:f6:c7:9a:8c:ac:89:49:4a:f4:4b:71:73:bc:e7:8c:6f:0c: + 70:62:73:3d:ed:07:14:35:f0:15:0c:bb:d8:c3:f6:19:43:b7: + 45:a5:33:80:17:1f:c3:39:28:3d:6a:7c:d6:e0:37:66:58:bd: + e8:64:2c:ad:b7:e0:25:f5:41:ac:ae:cb:ca:c1:eb:5b:8b:e1: + 3d:1e:cc:09:63:d6:6c:c8:eb:b8:ae:6f:4b:02:98:4a:2a:1a: + 94:26:e7:a3:23:7c:e9:e5:02:e0:1f:f5:88:f9:14:74:81:01: + 1d:cd:7e:46:35:7c:1d:e3:64:60:88:a4:ed:86:06:0e:af:3a: + 2b:1d:f8:45:fe:53:8e:56:89:95:98:ff:2c:8a:fb:3a:7a:0c: + 46:6a:3d:32:78:ad:58:69:ba:3b:d5:95:51:55:f3:72 +-----BEGIN CERTIFICATE----- +MIIKAzCCBeugAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMwMjhaFw00MDAyMjMxMzMwMjhaMIG9MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSowKAYDVQQDDCFhZGRjc21iMS5hZGRvbTIu +c2FtYmEuZXhhbXBsZS5jb20xNTAzBgkqhkiG9w0BCQEWJmNhLXNhbWJhLmV4YW1w +bGUuY29tQHNhbWJhLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3o7M8 +kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3QzMI +/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMTBNIY +D9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdlHeM9 +ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4nLTO +AngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRyajXfa +tqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd9Egq +lR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNiUHL8 +d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkcRO4X +Q7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GIJLt2 +NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEAAaOC +AgEwggH9MAkGA1UdEwQCMAAwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3dy5z +YW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5j +cmwwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF4DBOBglghkgBhvhCAQ0E +QRY/RG9tYWluIENvbnRyb2xsZXIgQ2VydGlmaWNhdGUgYWRkY3NtYjEuYWRkb20y +LnNhbWJhLmV4YW1wbGUuY29tMB0GA1UdDgQWBBRbhREnv/emK49Rk9gpTg6iZ6qd +gDAfBgNVHSMEGDAWgBSiPgIqo6dNObQITZnMDHU26ifDPjBFBgNVHREEPjA8giFh +ZGRjc21iMS5hZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoE +CAEjRWeJq83vMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJh +LmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4 +YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNV +HSUEHzAdBggrBgEFBQcDAgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQEL +BQADggQBAHPeejW8FawyRFuYYGQSr+pCRn37soizR2HDC23RaJI9RM03htoQ0hjb +GSkDMRomzXDR7BOsWYTNvp8rxi0QqktNeDnTa+FN6BCgPpfTHBkR5A8mf5bXJhcj +AtlLRwyvx+8orhwo5dJ6YUZwO0le0GVUTK4UJ8DkF0EsGkINhmw3SGWAAiGzKx9P +NKXOe7D+Bqb+xRvK5eZ+1dwB0lDE+F5zbCxWgdCkc7+Cy9h2yn5EmTpfqZeJqFxb +GzgNTcsCSWmCE2imvkujV6am4/DcrRwwAL/tFcrDPVx73G3my7u8oSLnMpXgD2qr +QAxD7fOYY3wvFWNJTlyCZRPyUybXTMb4fvq8qCJE8fumuydk7JQoGUqvCX4Bjp0+ +Q+V5/RbtJLSrWALinvihsEUlbS++u4iQx9hFMUhlJjOGzEZpU2vx1jXfsTntgeEj +8QHemRAR8D9NXdOKDER49idKMh2rDGPQcSViZ/UMfix8pOyN3gBtX2ldv+bHWXWH +XiwS3KUb3cF6yVZjajvGmrf8FQFTTcjKx8iBUKBlQzP7qlVkoMMu4vkIZOV1q5iz +OLqNU+gIR+/PqfIWJRsgeC1v9YPuNdS1xdbXgRe/nEVD0Yh0IhoyskVzoijU2v+F ++XUcT4RqpRpB64vgHUlpBy9bXuN7APhLZ1tC11HeHBiJL/g257WjbDnjiNxdfy/Z +UrZrnOkd39AYaCVwfnH7s0AodekkOG9wWxr5v+lDvUtR49/jJRGuME5+VVhDs2UF +ES0OpDy4igz5k6snKMCyF3ZSmxiCt/2mT26hdCsZWayx2F7782k3FlkBTPqpV1IE +1EWPEAiKq4iqlkaaqpS1xr/pnprNQPMq7SP/pvebGALZq3aWrBVvBF2S0klMS2La +PSqkWSIadc1u+2JQ2q6dKH1NMi/YzTdn+R3B1XZAujT2jJJbwGX2PJBsW2cJDdMU +kDgDggbDt4V0fxX0W95mX3Gp8e0Vm6By7gXXs5IwZS6CkCH+8Ac0EdOHQfQ1BAy0 +KPVzuNUO4ypTq5o/TVn5GGjwMZAd1iXGizPo3AaTe8sB3oseh1omoA1e9mo2Q1RT +bYcQyqgVGko3laVnk3S6w1mb+LWrEJj8/9bSYRddkH6xKhbs1dqAZwITQde8oq8L +VAizLhsFUID2x5qMrIlJSvRLcXO854xvDHBicz3tBxQ18BUMu9jD9hlDt0WlM4AX +H8M5KD1qfNbgN2ZYvehkLK234CX1Qayuy8rB61uL4T0ezAlj1mzI67iub0sCmEoq +GpQm56MjfOnlAuAf9Yj5FHSBAR3NfkY1fB3jZGCIpO2GBg6vOisd+EX+U45WiZWY +/yyK+zp6DEZqPTJ4rVhpujvVlVFV83I= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem new file mode 100644 index 0000000..98aae6c --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9PC/3NcJal0CAggA +MBQGCCqGSIb3DQMHBAiLhharWWs8/QSCCUglchvaoRZ2KDAOpx1om+BnWFdmElQz +h/3v5NMjNzMrgjSkSU4blpuQdPj4xbyzlxIDJGQFRgcDouNl7FU59Eb1duPnIud/ +6zWBgQgnTbVgH1h+zhHhbpmqAYPAxwf+H5NVEWQva2uAGWrKMApuUPn1IpgesPRz +9WsWwdOyHkj0hQd5slbVdsxJL5wcHwBip9vzrH4IV+WM/vtem4+0629KGFl6hisW +iZD6D2nJHejIlVJMNy6Jkqa5hnJeMH7djaRFp8f22C7/5EbE1a+DGwh6RQG1SfvO +Z7ZTQKkPuq3MvKSb5tp5ArOyHvmQsphPD2TzTtWJD2LiBl5pe1zIiDNSMXWUPmbP +bfSNBswcATWweYUmL/9kuIqaZvNVjJpd1QuVQPMmhFyJyfDyM8WA/6kbeIjwuzku +BSBsBB1CMN26AHBEBxqmA5ml9ZBhL+kKJziYIJs3sdQcQWi+CiyQXKVzzXMhLFF9 +1VgrREMY7d49db3O4I8V4R0sVk5KxqCGULcPy7sMYgRuPr9hBD4i3oRVdokUyKRy +5XmZij7cHVS0pYrpdklkgjNFv4fNjA6goEM39JkzXkBbz0poYjNx/PXAx9wz6Ykc +X29HU6xyE76iwH8UNdqooe+9T75iihb6kccnEWC6uUi106rO5OGbyvtqEHcMlZic +ttfXUxtQT4n8BVK4GTji+o4U2Xfqf75W48ZnrLHMZpC028rrHXP0WMKtweYBCOtN +wt/T5fEqS29tCrnvYBUhlTyEECyfSBuxL9lBDUiS+opw338uGN/3ODXFwc3YCiUY +OoxhVnoLkJPMjIzMmBpIGnjvtVZ4t2FtTQXZMbDQwFJIkW2d70XMuPk86sjh2MWf +jd0rbd+6BrgDVlzxAOWQhXiVTiY7Y3Z8a4CkbyrbpxaNMnZn0DUYhF/LaUm3ylIM +vxXbcm2nTCqi9ly9jP98ZZI7uTAH65W1uhD6+SrOly0sijlZrg4lbdqY3isOuC4Y +BZuqHFWEKLx3J0SwtlV8aJvUAL8KFis5ktTEVO7WWkpODz6IUtiZ/eHbbNUeRyi2 +LmiQx7ywjuy0YIGRE9DeoLsURqtcTGtOkRGgRu8Pa+knl4N2rbuw9JY3ejh2Y775 +obIqyPPT/EgudHfywF4hsjn7i/4L14o/ZjQA53P+qC1swf7sz5LAspTbhHCCe/go +mT2ospx/XIoHLqxmYptKBMYHl5JR5kK8GAdoVzD1vv+MiIGZOHObsJ93X/DaEtT6 +/4/rlAC1ws8Mws4+kVDK0UXfADJLIipq2RP0FkapTQ51+ocIBDnXarAANhTpyokz +5gHLGrbQp1HOQQNnZfVEssJznjm/jiD0MxP/kXFjQuOThZCoKLTkfsjnKTMJE3HN +z96fo1kPemDQ4PUoac3LKUBUDIPxmwFCrcBcwDlrTHm1NmAb60cMUyDMZ073OwNL +3p16tcjn4j7HJ4g/BJ2HvnT5xVavNlFewELaQGN+Ywfl+5DSTNtyAvjgthOYps2F +Zl9sZ8qXL4c+GyaSUk8Rio+6Kggybvo75xdB/Ia5yp3IUC8z0+jVsaoCYf/fddyd +UaVFQvWdeN1tB+nTV7Ntki2LOxek417UV6BtH58zJCibDF2uld9LsIXySIFYvvqe +21kUWUWE7rlaCrDRJ2jwUtU+QYtBHl36WgwSf0C4HkeevRT8hLcFPyhKe6hYVcQL +sqFldps0VAMrfFzCwY8z5Vc1aehmOd9OXVBf/Fn04XBjUEoG46tkSdL18dBfJXI5 +RsfE6TAbB5LOEd7agmoGHJolL3rYwODDVKQWOj0519HR/xt1E7SgCfH/BisGl4Gr +4ZRUJG9unpEBsigN31JEbnXUbfx+rjXZM65F3HM9ir89ofIcVGPuJYflw2IPm1GI +ajEh+nDCt/hwvV66aBI/+JaQ7bHvqbC8tBMWXdlesSjJmWlB2mYdYqIhmqhy+0oj +ryKbsAT+7Fco5ymQACEG4Otw6y+weRTW/IFbibtjDui+P5arl5dRPIn4kCrV+ZMn +wuZVAw83mxSe05efsCt6YCoth64bIgPXVvl7EhGotheYsKfuOFI1Jvw1tDsgtoxk +v+6TnK3xJDMVkdV3dg/glAENdeo1NnHrvIb0Hq9ERMr5wmImQkGoL18r4HoUGin/ +HPi8Q+znxiw3NARCpm7RBwxCUzuYWQ88CKpxDtvGmJfpSNUQ3ETVs1rY9VlBP026 +Uufu5aMz9BURc8iaS4dl/oT0QjrhszeAdsXAoilY+SlmBUuAUieKAnaxLU48hqkX +FID6A/v/LxXm+VYgObFijv4i+ETUGNklhERTdkZ+YfwCWLqCLbGMK6ufVF3YPI9c +nLQ0/gPTW7YH8k1DQ7ehRdSEM3QcdE3x16x2q+dXRqOR1BG9uOsayhofQQWvlN66 +p4gbN8XgwSgf2SLaYUFbeiAiOuEsObPcTYyTekyuRbGcL7CKHY4tHb15VhqUJ0SA +7kiU1hC5cUxaMOKuWCOlqvBdfp+IowEbah2SKxZBWq1D8BKiT1es21NX6FEeJyWC +f+08KHLZWQL/OYrKof8dCcHVwMdQE05/6cXIn5xVMG0QbCyvC2izklQsaH+y4oy+ +iptmdBvXOE+t6wFJsT/jjbFGIbjAXT6xrc9nsL9lBoWJidfhREfzBrmW1LVbIE6L +8ltsECJ5NJ/OMm9Zj5MuQEc9kxsM9sAzk9KXP8xq5mJziTPoYK9QydtLRl/EJkW1 +P4Wp364sHiDnErHYkzsP/DpJ41BkJexEBLnzID/P6YTKfB0bDlnNbb/XQssEPQ7m +5nVBktXVV1UY0we/ACEkqmV6+7yE77ZF/hrzZuCu+M3aE8GjOSrSEpF4KP4V2n5W +ukD+Q5IZJkShjT6kG9lQELotChlU5n9YS147Y9C4HT//wNcQk1neEhUUf4L1cN62 +7JvKqVZTMyWbIIBEjMrKhQKRFAaf5AcFgx+scpGn0rZOY8wguSqHjLxMFrlc9/F7 +CpeM8QUGi9u9I61SiEY9Gmc+wDoONqSu6O9O+pWwWw7/Wh0qjK4TaRXSlVpS+1bK +umgkl3/Y1pDY6pCbHZ3O7AD1JaCZWP0k7oawIejkuV1UuLeFjodLfYkAh6y5Hlfv +/BJ2gHkAEePKibplUpudmOTkWlQChQtzmy3ZReqLydvrxK0H8eh9J/tB8cRP0M/j ++GU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf new file mode 100644 index 0000000..23c5e41 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-openssl.cnf @@ -0,0 +1,250 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Domain Controllers + +commonName = Common Name (eg, YOUR name) +commonName_default = addcsmb1.addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = ca-samba.example.com@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_mskdc ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a domain controller certificate. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +nsCertType = server + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Domain Controller Certificate addcsmb1.addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=@dc_subjalt + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for our domain controller certs +# serverAuth - says cert can be used to identify an ssl/tls server +# msKDC - says cert can be used to identify a Kerberos Domain Controller. +extendedKeyUsage = clientAuth,serverAuth,msKDC + +[dc_subjalt] +DNS=addcsmb1.addom2.samba.example.com +otherName=msADGUID;FORMAT:HEX,OCTETSTRING:0123456789ABCDEF diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem new file mode 100644 index 0000000..82ccc60 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3 +o7M8kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3 +QzMI/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMT +BNIYD9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdl +HeM9ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4 +nLTOAngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRya +jXfatqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd +9EgqlR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNi +UHL8d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkc +RO4XQ7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GI +JLt2NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEA +AQKCAgBi3WOUSPffffUx+F5toCdtWwsYlVllL3IMVncp5FOqDUqqACZK7axsNCvq +wbkrgD/DH6VdRHNTRh2zvUZ3/+94XWMraH236/kA+2DbG/EF1tbwwA4APSA+tbk0 +WHop5Qw1oeyPm5Hc4y1pWpNmXPCjXaaZ+PLhI3DUMl/JYnJomvEpXtuPx5Xjbs2J +8VE+N2ZHfqujIr3XNvqg+35gfgytfizhiKf6dolg3bdsRbxSXveWz8CE/7q42xJP +xVsu/Zp01h0HxdYYfRkBn4T8rRxInNNkIdWXeu31RqVr8tLSq2uXRpdy4rZzYcPr +Thm37CwSvEffjZqOwI89mnxaoL1N4UxlIVTk8qapArHCZaucgxYr9acLT9H4sWCO +EgSc0nS1eHogUDZquNvdypJ++EmLAvNtBluRcuQC0DQqOlKPsqVyapTbEOscvk3m +SZ+JRQZi8qgN5nqNNAQAAy60krPGUDJCFOaONVQdjQljPJsg/112y5cBrQPXsknQ +o8u8TMcp9+I8Dp7qSCI7u5TDdERCWjg+wQxw5AzimcWDNRRN52yKzfEekrF6kV+l +eCcWMUv/eeWhJXCKNHAdVGQlHkSld3FdQRtr9PVQn8rSrb81HpodQhqPAUNW3NYf +hhxHimy3y5MLcLNU9A+ut+/lrDwD0enVlXhOiK4b7QqCv6ywAQKCAQEA90JbFJl7 +Ckfy1XpYtZQPVY+Zbv7Mukupin4+u9B1Ywd0j/RGTImNcQYEhQw1OM1FSSvpIzCS +H2JpJWCF0gG3PXYR0xn9JrErVXgh3hxOT9Ynk8ltUQwFAqeJXP1NqJdP0ipOEbyX +XYwBGXBDq42SXnj5TQgfQs/kc8UKBgFZ0LEaDcy5r3eXBi0SCPpFpQ7RWMS5orAt +e+NlthAJItSb6PVBrQUZ1JPZTfsR/35wSnlUQnHsf93wZ477O3g+wuTMmhTLFfU/ +JmcaV7QDIV/mRRO+O6KgSnoQ1sn4ay1b7jXCHOA+VApSxTZsPmuKHyvMpIwmqr5G +/wWJiNT6CI+r3QKCAQEA5uBpLVFxTjXi+TLtpDK1Cf3rd99o2y+uVaWIuq/aqPuB +/mAcpVcOMKsTU3woVgZW3hAArnomVSsEPf4pjqGqjiibGopmcg3f1J1Ee3vfznZ7 +kyOhfh52jNbWahLi5+4phC/wD++S44qDh4Kmi8g7kz0n0KmU9Xt5qCjJXSWTFO7z +8aLbhzdf/R0tRBmBLKZ5w/5CJ0tP9eRuVLgeFWxFZ7lKoSF9ZF4VOg7yVuGh9m6f +Nzo7ox+yEiv+81ZL14736u12vRmkxA+e1be+YDPytFtZ4t4JRWehJ+CeszDaBqLd +DXpB8Dlo6cbWqWqytMuI4zY5RjpMlt8FxSH/nO5S+QKCAQA8JHrNDuwbuxZ5ELJl +MGduc2hp1DZuFhteIYkW3ATBmr2iilNTKJ4r4L/WsPp9H4j73F9v/M9+LMzQl6LV +Sy+MFp0NUSP/dlbJCliKky4FQ10LGJKrhRXu6FuEL+Tk3jE/OKUWsV3MFlLqIiGD +qALzUc+qChC4iqLR+hqPDWMQXROuSZ7c7GTizrG1V1L7bBhF1EwnI11c5hoGZ+4g +98AYsRdRg40d5PyVeD2PfOzJYKu7IcTZ8V0Zg3DerUfu1gJidC5V3/qFV8zTimi8 +hHwZT00VamA83WYdKLFxOG5FCfR2W6EthflOGQfJQxUssdWsLJ73JyNTwsAKdWuA +C5pNAoIBAAXUjvNlBh56f+PZJGUsHqRE9EhPrP80AgwJpR1JyZTQ3SSGWtLWEvap +q1BFZ2Ncv57V+p5tWUB3WKEUJQqEDKGQZvJRomqo7Qkae5s+spUtKsu5b5+Wt1mx +JzMAjRhcTFIZP8+3Nhdm7RFj/D61bMO4HKRJVAiq+JSFiyg+BavWqPRmL3MHs/XZ +YcZBeqCdB6AqcJM7dKZ6AUtEZwYVeN84r6jIBrmdIp4XuIj3I7bsbjrfzpe8+is5 +TzPn7vxfkOUu3/vAhQeqeVFeVYFqbmudjvSKtOM6zbgLFRbjWe4m+LwZZUbivEKD +EfKvThoAtdE/Ek0ytbJtqWCkDidxYUkCggEAB2DIXKQb9OphTQf+18OGnslAa3b6 +vLZPcmv4ZskCApi9AM2AX6q42luovaYR3ul3IJKM3SKa30ZBdprb0epsrW/aJ6Fm ++ri1NrQ34zLNun/cX+Q+EzFbq1wNsCj4Wj0my8q5oyg+KtofeWYFYJmn75rGuZVz +UrmIC6MjrXi9tvh4BK3pfPzSGizPlLk+vXSQgU36bfUY3P6SZFu9W+IMfDJKKip7 +0MqQCVE3aMoFi1/1pJt7qWiHvYqLIjldJEdQpszTr7IeNsYo7OFJtOaHp6G7mZOU +/P+GGZiS4h20hS+y/IPBWqFmFiwy38z1L4lUi7W26oytuKYuiUZt3cy2IA== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 Binary files differnew file mode 100644 index 0000000..d44a18e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem new file mode 100644 index 0000000..a4d061e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-S06-req.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFFzCCAv8CAQAwgdExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +GzAZBgNVBAsMEkRvbWFpbiBDb250cm9sbGVyczEqMCgGA1UEAwwhYWRkY3NtYjEu +YWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1i +YS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAN7+XXowmbseEVassNQBUDCD4XEPqj4atPed6pNp/L5R +GUw396OzPJATYmMUnbhUZhdlSmeOzpZ/TcLGbv08rrviW2zuUXvbNxeUmQI6L6nL +0CMpt0MzCPw/FTvtPOtpW5VFGB6FXqoxtj4YyC86SC3MxmkotlysJAOxg+jmlqcG +bf5zEwTSGA/UcveIIkBbq2ikieI9wMrlp662+OqKjDmcbRuJq3IsBCdAfvXTP13Y +DXFnZR3jPWWwl38UrZJDLz8Eqx4xUgd/30ismsAo0avr8nmz0kRf6C2S19i+A/7b +VStL+Jy0zgJ4B3IP1TLNAR49sm4lKfoJSUmr7dwrEMU9GTzEHtrulcL/+FC090ea +pH0cmo132rai5k/NgLmx8h3ckGA3bzlepgPii0TXpEX9fk9DFPBoDeaEjyEgU/a0 +Z738XfRIKpUdfXm6oe648IODf6ux6zhOPEuKk4AVY0xDHYFLwebVsJ9sSZ0EkmZs +n3zTYlBy/HdlhznZ0O9eU0kyStMbSohF8A+iXjMpvas9az0jvMacnZicnY3MMj7h +jJgZHETuF0OzsEel/hVJqlq3dkNM35roMz1S6Gws3T7YqektNsI6Q3WyvNW9gYv8 +YzdhiCS7djUZAER6PjCono/fdBQJC/WLybDtvtDPwH9hQQf4bH0KBZZPbl/MQPP1 +AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAve93Lch8SWFi9pmWZgmcStRFALjR +RRa9iUSIpIgHmJWKAjIq2APh5xWfp4Ouh7DO6KIwHLbgQEXWpxehukhyUl4VlIMV +y50nVK9ibiu5X7MO0HMHGnULZvLDS7i64siX9e030xvP5cOwRg16TS84Ex4VVoaz +1t1yE083OoD4jqMvDvgMJ0OpnyZXUZctDLCc0aADkhJKC/V4q/mruPY1lZ0Nxl3T +Q06GhJtEaR87BLIoNUqD6SwyZm6F2Y96bLqdzgaGHYNGhGGeDpXp0l8grlRvpu+9 +zFdTsALPAwt6KSNmk4GsNuNyu7DS6v33+yaT0ZbbulbPZ6uVFjXrnFFXYBAcFJs+ +YFELavoIRtEOcBfJ5RL6Hcr3P1/4I70u5Uucesv5C/loNHnZPAo2s2KFtBtVgGHp +OYeFjzDvG3fLz2ZGjIDxTEh0fD/9wRL2CVtjEfN6V7tKmd3f7IEBtCw+7Hdu4uSN +GrjWrbzQWhyTT6lyDfCKsmQlCevI1MW9oDkVmaBkHwYuWTc4U6wL77wDKyShTKV7 +RFWyhfnhYp1Xpm/pZmCszUZc7Si7eGGJiKohH7K+3YnpcfPMq2t83SBeFMmaBBJX +I1KOjT5grWAzVIsIdFgFvoPqXNWmizEddBTtExnmhK3tAzudJL7bv+PhYSQ0wTOP +n2KpBr/vsEs9LeM= +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem new file mode 120000 index 0000000..97e86e7 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +DC-addcsmb1.addom2.samba.example.com-S06-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem new file mode 120000 index 0000000..7259e86 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/addcsmb1.addom2.samba.example.com/DC-addcsmb1.addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +DC-addcsmb1.addom2.samba.example.com-S06-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.cer b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.cer Binary files differnew file mode 100644 index 0000000..4d7a875 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.pem new file mode 100644 index 0000000..7b1b6a1 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.pem @@ -0,0 +1,190 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:28:44 2016 GMT + Not After : Mar 11 23:28:44 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=localdc.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:e6:a4:76:ce:e8:63:fe:57:f9:a3:ae:e0:ad:4d: + e2:15:8e:d8:27:c8:7d:7f:2b:b1:e8:aa:50:8f:94: + f9:c7:71:3f:52:32:91:d1:6d:52:22:5f:cd:8d:cc: + 62:16:7a:8b:58:65:ed:07:f7:ea:24:d3:88:d8:26: + ca:eb:ec:16:a7:84:1c:7e:15:46:64:09:22:46:b9: + dd:5c:07:84:50:a7:4e:31:3f:01:23:d1:f8:36:04: + 1a:bb:d4:e5:b6:d4:1b:5c:16:c9:9e:37:8a:3e:a9: + 7d:30:24:40:b2:b5:44:40:fa:5c:6f:d5:3e:ff:32: + c2:e7:24:0a:e4:e4:aa:9f:ff:4c:ac:be:37:58:22: + 08:16:0e:f6:a7:2f:b5:6c:4f:ac:7b:a4:82:a8:9f: + 38:64:17:6e:72:b6:7c:4c:c5:44:2a:0a:b4:25:0d: + b0:0c:ab:98:4a:f9:1a:1a:c9:a6:59:f4:00:a5:0a: + 6f:0a:d0:a5:34:ca:0f:f4:0e:fb:ba:d7:bb:3e:2c: + 7c:0c:68:6b:26:ff:1c:29:fe:77:f9:30:85:0d:44: + 8c:af:90:8a:70:93:5d:3a:b6:18:8b:a5:85:11:5c: + a3:5d:57:16:dd:c7:c8:00:f1:05:71:c2:6e:07:3c: + 37:69:36:7c:12:c5:9e:1b:69:11:45:44:1e:eb:b9: + b2:96:b1:89:cd:4d:fa:89:eb:92:49:f2:46:35:f3: + 9d:87:3c:be:e4:f8:b7:31:a7:36:4b:81:76:9b:b2: + 04:d5:80:7d:4f:e6:02:ed:24:4c:a0:03:c4:9d:00: + 9f:9d:71:93:0d:a5:b8:37:62:2b:03:c3:bd:24:25: + 2c:c3:43:d4:c8:27:b0:6d:05:d4:c6:c5:d8:5b:09: + 94:e8:27:6b:d9:6d:b7:bc:de:76:bf:d5:9c:36:26: + 04:b9:97:1d:f0:c9:8d:91:93:82:32:0d:b7:16:97: + 41:31:9a:22:0b:2e:ba:99:51:28:6b:f5:04:ba:c9: + 3d:57:0c:72:e8:e1:24:1a:d4:2a:6a:e7:e3:b6:b9: + 94:61:e3:4e:42:81:e5:43:e4:1e:ef:6d:c4:5d:a4: + f9:b4:ec:3a:8a:34:fe:b5:c7:a8:fe:19:8d:cf:7d: + 1b:60:21:ba:25:6f:35:cd:4f:72:28:42:7d:87:08: + aa:da:33:7e:63:e6:5b:5f:e7:01:a8:e3:0b:d3:08: + 5a:a6:df:ea:e7:2b:13:48:a7:83:32:96:c4:ba:d1: + ff:15:66:52:33:86:46:5f:c2:9f:59:4a:00:98:b7: + 1b:a1:87:25:df:ad:68:5b:f7:26:17:2b:eb:84:62: + 9d:c3:bd:99:67:6a:02:5d:70:72:3e:18:92:99:8c: + bd:d9:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate localdc.samba.example.com + X509v3 Subject Key Identifier: + E1:DF:73:0B:F1:3E:86:43:A4:B3:E9:8D:44:7D:3C:B2:19:C1:BC:F2 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:localdc.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 89:2c:57:98:17:c1:73:a6:10:02:6f:a6:ac:47:1c:37:2d:1d: + a1:3c:c5:29:b6:3a:e6:e8:14:ec:3b:74:ee:da:db:2d:97:3e: + d3:8c:9d:42:7e:b0:46:e9:54:74:4f:34:df:9e:34:7f:9e:8a: + 9d:4d:b2:cf:fb:71:3f:cb:32:e6:45:e7:b4:d3:9e:e8:ca:a5: + cf:16:7b:76:b5:4e:e0:b9:bb:79:b1:82:a7:d3:23:cb:3c:46: + 63:63:96:b3:5b:62:9e:99:dc:02:17:f9:07:63:86:76:06:1a: + 02:1b:9a:df:1d:cd:e7:46:fe:9a:13:87:47:dd:e2:77:58:50: + a2:6c:c9:a0:f8:14:1f:3b:d7:59:9c:89:bd:2e:2d:ce:60:f4: + c6:2c:e3:63:cf:34:84:61:d9:90:2e:90:fc:5b:4f:a2:00:87: + e7:40:e0:fc:d1:24:8b:d0:28:01:d3:53:ac:b1:58:7f:87:29: + 38:56:93:dd:a2:14:4a:9a:94:b9:f8:94:b2:04:47:db:b8:38: + e6:85:2b:cf:d4:72:88:8b:0d:8e:a0:69:f9:9f:10:22:82:9c: + c5:ec:01:e3:07:a1:69:37:94:25:3a:cd:17:29:37:8d:24:d3: + 27:0f:4d:bf:b0:31:36:b8:c6:a8:69:0b:df:28:f8:e2:dc:da: + 95:3e:7f:d7:3f:a5:8f:92:6a:7d:ad:3a:ac:af:73:2b:5f:f1: + b3:22:92:ef:da:71:84:9e:4b:23:7b:69:b7:29:fc:c5:05:84: + 4b:ff:06:92:ee:f5:9b:14:2a:af:be:ef:02:e1:e7:d0:e8:d0: + 29:7c:48:40:f1:95:bb:08:b2:30:c5:81:80:a8:91:5b:2e:08: + 3b:30:44:07:b5:c4:0b:07:74:ca:5d:37:3d:75:f9:bc:6d:21: + a6:e0:91:d8:f9:27:88:05:58:a7:f4:36:eb:ba:40:63:36:15: + 42:98:0b:e2:d1:c9:11:0b:29:81:e1:c7:02:7e:fa:05:65:51: + 7b:d6:1a:33:46:fc:a5:d4:fd:64:e8:c8:11:d4:d1:41:d9:39: + 18:08:a3:ed:15:70:d9:14:f5:ba:c9:bb:3e:96:8d:5d:cc:c3: + 5c:b6:c8:79:02:2e:e2:a1:06:ba:a5:21:1c:bf:16:7f:2d:d9: + 93:07:92:b1:fa:ee:3f:e3:56:35:f3:30:aa:11:54:d3:71:cb: + 29:d4:60:e1:6c:ae:c4:24:e3:00:4f:5f:52:b0:3f:f4:76:f3: + 6d:db:bc:d8:65:c4:37:be:1a:87:9b:65:c4:20:dd:da:a9:4c: + 9f:86:33:2b:49:a6:f7:aa:ce:da:98:3b:e3:5f:ac:b8:1b:45: + 0e:56:59:fb:49:38:0f:b7:d4:49:f8:7b:ac:fa:d8:b8:1d:16: + db:b2:4c:15:d8:e7:eb:6b:38:ff:d2:69:26:a6:f6:50:15:45: + 2f:12:b2:05:d4:bf:6f:53:79:64:9b:d5:8b:a1:08:3e:43:ee: + 08:fe:9b:ea:83:89:8a:6a:53:98:1e:c5:91:4c:7a:99:2b:6d: + 97:dc:96:1b:de:27:c5:af:0f:dd:42:5c:23:7d:bc:6b:5b:ab: + 47:29:98:35:8f:9e:e6:e1:5f:96:6a:bd:cf:3c:47:89:8b:ad: + 21:de:20:da:99:82:c1:0e:9b:7c:38:21:d8:b1:1c:34:c5:4e: + f7:fe:7d:5e:a4:2f:f8:7d:5c:30:2c:9e:e6:5a:4f:d3:15:90: + e6:6f:69:ea:51:93:8f:2c:dd:a7:c3:3c:50:a8:d1:ba:0b:5c: + cc:2e:4e:57:71:21:08:a1:2c:bd:a7:20:4b:ae:5c:02:7a:cd: + 9a:fe:1e:db:ec:ce:3b:12:37:cb:96:20:7b:3b:b1:5a:2e:84: + 03:f9:0b:32:43:c0:4e:e3:ea:79:e7:9a:13:54:e5:a8:1a:17: + c4:79:78:25:63:ab:67:39:39:a0:6c:c4:c5:94:ac:16:92:3d: + f0:1a:1a:9e:ca:7a:84:1b:c1:5a:5f:4c:65:8a:30:a6:5e:6c: + 0e:ae:bf:ac:09:97:0f:83:5c:92:ce:e4:43:de:06:4b:96:f5: + 46:3b:7d:a8:e3:0f:d3:fe:00:c7:d4:79:4e:5f:bd:ec:59:12: + f9:65:23:fa:e7:97:a2:a6:39:3b:a3:1e:da:47:c5:18:5b:8d: + a7:7b:29:1c:5a:7a:06:c6:92:9e:b7:3b:f0:c5:56:e8:cf:84: + cd:dd:61:0f:21:25:f4:1e:2b:40:b6:74:28:8d:41:f6:2c:1d: + ce:b4:39:d1:e1:be:15:78:c9:d7:99:a1:9d:50:43:da:ec:40: + 69:6a:3b:17:af:28:22:09:e0:7d:38:9e:a7:ca:b7:f7:94:8a: + 2a:1b:32:4e:28:6d:18:95:ca:42:67:c8:bb:13:24:31:43:84: + 3e:95:66:08:5c:15:7f:6b:93:cc:8f:b8:76:7a:fd:74:4a:d6: + 6f:64:74:df:72:f7:34:a3:50:f0:db:bf:0a:2b:1b:48:b7:c9: + c0:97:23:27:b1:56:5b:9e:10:12:5a:bf:ff:38:61:da:41:75: + 15:c5:03:c2:20:fd:7f:84:c0:94:8e:11:ed:01:ba:f1:19:b5: + 05:1d:bf:89:ea:c9:38:4e:d2:cf:5b:24:c6:37:a1:8e:60:89: + 5c:52:ff:7d:5e:2d:c9:f8:b1:79:07:4c:2f:18:85:e8:ba:bf: + 3e:da:59:43:df:29:79:7e:00:38:d2:fc:a9:8e:3b:9d +-----BEGIN CERTIFICATE----- +MIIJ6zCCBdOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI4NDRaFw0zNjAzMTEyMzI4NDRaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSIwIAYDVQQDDBlsb2NhbGRjLnNhbWJhLmV4 +YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1iYS5leGFtcGxlLmNvbUBz +YW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AOakds7oY/5X+aOu4K1N4hWO2CfIfX8rseiqUI+U+cdxP1IykdFtUiJfzY3MYhZ6 +i1hl7Qf36iTTiNgmyuvsFqeEHH4VRmQJIka53VwHhFCnTjE/ASPR+DYEGrvU5bbU +G1wWyZ43ij6pfTAkQLK1RED6XG/VPv8ywuckCuTkqp//TKy+N1giCBYO9qcvtWxP +rHukgqifOGQXbnK2fEzFRCoKtCUNsAyrmEr5GhrJpln0AKUKbwrQpTTKD/QO+7rX +uz4sfAxoayb/HCn+d/kwhQ1EjK+QinCTXTq2GIulhRFco11XFt3HyADxBXHCbgc8 +N2k2fBLFnhtpEUVEHuu5spaxic1N+onrkknyRjXznYc8vuT4tzGnNkuBdpuyBNWA +fU/mAu0kTKADxJ0An51xkw2luDdiKwPDvSQlLMND1MgnsG0F1MbF2FsJlOgna9lt +t7zedr/VnDYmBLmXHfDJjZGTgjINtxaXQTGaIgsuuplRKGv1BLrJPVcMcujhJBrU +Kmrn47a5lGHjTkKB5UPkHu9txF2k+bTsOoo0/rXHqP4Zjc99G2AhuiVvNc1PcihC +fYcIqtozfmPmW1/nAajjC9MIWqbf6ucrE0ingzKWxLrR/xVmUjOGRl/Cn1lKAJi3 +G6GHJd+taFv3Jhcr64RincO9mWdqAl1wcj4YkpmMvdlPAgMBAAGjggHxMIIB7TAJ +BgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEuZXhh +bXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEGCWCG +SAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwRgYJYIZIAYb4QgENBDkWN0RvbWFp +biBDb250cm9sbGVyIENlcnRpZmljYXRlIGxvY2FsZGMuc2FtYmEuZXhhbXBsZS5j +b20wHQYDVR0OBBYEFOHfcwvxPoZDpLPpjUR9PLIZwbzyMB8GA1UdIwQYMBaAFKI+ +Aiqjp005tAhNmcwMdTbqJ8M+MD0GA1UdEQQ2MDSCGWxvY2FsZGMuc2FtYmEuZXhh +bXBsZS5jb22gFwYJKwYBBAGCNxkBoAoECAEjRWeJq83vMDEGA1UdEgQqMCiBJmNh +LXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0GCWCGSAGG+EIB +BARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEu +ZXhhbXBsZS5jb20tY3JsLmNybDAmBgNVHSUEHzAdBggrBgEFBQcDAgYIKwYBBQUH +AwEGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggQBAIksV5gXwXOmEAJvpqxHHDct +HaE8xSm2OuboFOw7dO7a2y2XPtOMnUJ+sEbpVHRPNN+eNH+eip1Nss/7cT/LMuZF +57TTnujKpc8We3a1TuC5u3mxgqfTI8s8RmNjlrNbYp6Z3AIX+QdjhnYGGgIbmt8d +zedG/poTh0fd4ndYUKJsyaD4FB8711mcib0uLc5g9MYs42PPNIRh2ZAukPxbT6IA +h+dA4PzRJIvQKAHTU6yxWH+HKThWk92iFEqalLn4lLIER9u4OOaFK8/UcoiLDY6g +afmfECKCnMXsAeMHoWk3lCU6zRcpN40k0ycPTb+wMTa4xqhpC98o+OLc2pU+f9c/ +pY+San2tOqyvcytf8bMiku/acYSeSyN7abcp/MUFhEv/BpLu9ZsUKq++7wLh59Do +0Cl8SEDxlbsIsjDFgYCokVsuCDswRAe1xAsHdMpdNz11+bxtIabgkdj5J4gFWKf0 +Nuu6QGM2FUKYC+LRyRELKYHhxwJ++gVlUXvWGjNG/KXU/WToyBHU0UHZORgIo+0V +cNkU9brJuz6WjV3Mw1y2yHkCLuKhBrqlIRy/Fn8t2ZMHkrH67j/jVjXzMKoRVNNx +yynUYOFsrsQk4wBPX1KwP/R2823bvNhlxDe+GoebZcQg3dqpTJ+GMytJpveqztqY +O+NfrLgbRQ5WWftJOA+31En4e6z62LgdFtuyTBXY5+trOP/SaSam9lAVRS8SsgXU +v29TeWSb1YuhCD5D7gj+m+qDiYpqU5gexZFMepkrbZfclhveJ8WvD91CXCN9vGtb +q0cpmDWPnubhX5Zqvc88R4mLrSHeINqZgsEOm3w4IdixHDTFTvf+fV6kL/h9XDAs +nuZaT9MVkOZvaepRk48s3afDPFCo0boLXMwuTldxIQihLL2nIEuuXAJ6zZr+Htvs +zjsSN8uWIHs7sVouhAP5CzJDwE7j6nnnmhNU5agaF8R5eCVjq2c5OaBsxMWUrBaS +PfAaGp7KeoQbwVpfTGWKMKZebA6uv6wJlw+DXJLO5EPeBkuW9UY7fajjD9P+AMfU +eU5fvexZEvllI/rnl6KmOTujHtpHxRhbjad7KRxaegbGkp63O/DFVujPhM3dYQ8h +JfQeK0C2dCiNQfYsHc60OdHhvhV4ydeZoZ1QQ9rsQGlqOxevKCIJ4H04nqfKt/eU +iiobMk4obRiVykJnyLsTJDFDhD6VZghcFX9rk8yPuHZ6/XRK1m9kdN9y9zSjUPDb +vworG0i3ycCXIyexVlueEBJav/84YdpBdRXFA8Ig/X+EwJSOEe0BuvEZtQUdv4nq +yThO0s9bJMY3oY5giVxS/31eLcn4sXkHTC8Yhei6vz7aWUPfKXl+ADjS/KmOO50= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-key.pem new file mode 100644 index 0000000..3443a50 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-key.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIc8U9D3UAcEQCAggA +MBQGCCqGSIb3DQMHBAiv8rBzGS//TQSCCUieV5YQyWsn3FFhKYI425pOXfnTsSUb +VEe7wO2H7D/S0RFfT5gILYv57TTH8Z9uAeX/wU5msKA4PZt16aMutNl2NWell8hy +IX5R4n6IzSP6IobZKsyFR5u/h683Eli1pBd4BbLJuYu94sxelB4HQdRp0QJIvIvO +TWqTyD7UmqqG/IVhTMQpzcepY/S4SGI6GODJtDLPRgv3x5/Z0/NsxiMKrXMi7HKc +Rzg8jm2mausukN+sSyPcvlEufQjRJgJXtCIX98FMLp0pkOq1rsVUSNg8Qza6tbyE +XhweHWbV9YZCVfmnhUalLt7CIoA7QeOQZbwTNpTo/4mSEA7lv1knvFSdMc9JvR6J +bZQOk5rPzuX2W84UQ3CkIwaRB2iFUv0gJy5Z2xbhWgAR5KZIhGTKupHBYOmD29QU +whgjXq4McdYWKquxELzSW5jXVPNwvREhEuKR1mt6g0NqXCbCeQHw7DWH1OGPz7jM +HXsCGVWpXqeWvRHhdF+NRfHa41hqGS3Onq29UJtgcMpNYpGQYY6Exq6hVVsmddwt +QU4COPfozJzeAlkUEem5AKnuh1JUxo/RieNP99sv1/8g8icc+oPXOIu/6HI3JGYB +4WTVBp1OccEcNlnUYhxcL3ODYXcLUhiLZh2DS+IDLS3Pbp0v1qz/JuzDxiYBnEYt +4Q5NWdhPF/TSS7wQHRl35LAyHHhBIu1kuDhnXjdq87h7ioNiffZ0DgSW4HFUzslk +4UZGFTKaDpepBfIp1qnYGPKCMv+MLaMWU3LOfVGT3ecntkMxUtntNMZ6qGaXhzda +65LD9xYJUrbo+qQSBiTNAhMOy6lHlwIulmML0j1YEcVc2EwgqdfbBeT9v9gh6If4 +85ba1Wvy4W/FN/xo/ECflLAvozjyYND8LMcZ73eJs4ncZkMZAkjfP3sg/qvTAtbf +D6c+SRQbxRJv0ZUb9NN7wx4flsyypscKNqk78mytUN7gGf2xJIOvMS/zH/Zf9EpD +bEY+lOY2llYtXhoEj95tnRPFhKaQeGZdkISsmoU5olLsw/tRkquGdAokh+fl+NtZ +WxgJF8Ft8NT4iXhEBRfgFO5ubGq565c66ayA6R6K00pg/IvS8OXPuxT+/e8EKqUO +R9RyWR5n+W8hWw5+pQWGNvwhLFLJFfCxHw2ucSyNCvtcb6ijV5yvi4cI+UuVnh3s +WW3mMaMOYIcbh/thp8wBs/dpAOGUWX7XBfaGsQ0D+ff0ufcUobhXVZgtC0LhgfrN +ZeHQF4bUXycyaAGWvstNb6Xj2QFVDG98eNDGmYDTD+0XwpPc/6/Ge4BLPAVcBpQw +DMCKUqSkPPWCqfipbQmpBxswhYmzx+DjdfRxHExWeGk1pwyfH4GBhO5fkcpYVtU+ +RyruFu0YNnQ+2Y4eg8+3IyJndxkUHmwsB1DB0P8XvJ0n/NnAnZ0sIpE0x3dOFhb+ +SK0dj8fo2aEHOimrTHc2EJ2ZscpSCVNQ1BsScM36FCWxRWbTr8rBFsdUJ5CMZ2hN +qHBtf38SgNkD3qBUmiPetsYt6qTKY9Rv25D4zL5IR2ZnV99oW6MTDhc49cxYn8Dy +MKlyzV3upykqGBMSKBKbafDI3sO8gB3upUetnogi1TMaNyu4qNzq8oNRfdf+RD1R +Rg4++U14UbYNvWRQnCqjJGUXDnVc8Gp9K8Z6p5eXihsFfpol1OGu0td1e0FRi3AH +INW9UEpfRbmbEPHhYQRNAyRlcQXJ1FBnxUCk6qgfkD0ziJk2VD4oFoaSlqy7l21z +zoH0Vp6PZGZEIs/mAODvtH5jsTEMUE8uuRmPqgnFqbi/gfQ5FJLR6dfCb8MJ2iJM +Hw4791wi7tS1aCYoHneDtxNFeWuuEmw1uMoA+C5euGNv86XAH5AV2OrTIt8SLFPN +mLBLQ3J9Kkitsy1JFz9IdJ5uY3K2CvpOaP+sx3l1Q4YVuSza8r7zRfTC1wPfbsvk +64zZQzA57WvRvpaZU49HbMV9/zDOlQfLtL7TdAbqLYjlVRpO5pHHEqLRR9eGQ2UY +zhfMFfcJahH4lDbgHf6EVjHnEuoW9fU8hLRVzUcQCVDsf36Et+g5G1JMhFnlVzdv +MaKiN9tzKeIqxUSlXMHYm+oIb849pshNo+KRzZ0K+r+wExnpIfCfVOjAvSQU+6y9 +1uIIQlJfk6uPFVriaooyUDrW9/83AgzJDrkpSMTnVmo/MTS8cAe8Ox5cr+mHqJko +cnHzBNI9Q0z59SpJdXucPVyk5MYPUdfyI2ouicm+nKidNvlp36O7UHMw0pJdeqDg +03vhaVif5uN8FNjBLp6xIipX6lor6XCOnkGR/zkis602sTAkE4nemOw9zy3rIBr+ +hYnSY7vMFCVYIERjqSOLE0k0d5RyOsGjSYr8yQMvpTGusla34qVPjrrpJ+OuczK/ +6KJeHV+WUw42g8JSs67j8YJ2ejc9gr9AVSRiES99QL+tlFnOTY28N40OjXqFJjYK +A0x0By1O6h4PMKtYchTuJAoEOB2KOP1Ta+NlL80zM4nWwv7NdO0AR/ATfUfix1GS +NiMC10C7eurYdAfxly3p9NgjQq+vaKsnSy0TbXPCgW8YTegnxKTUWJm+BEiYaE4M +A0c1CySusV+JO1catlXSeCB6ajddi/SKXsW26lJ3Q+8QqhA3EMivCE3Zh2Q5c1yp +gCV7IXtdryPdK16qmirO9LKkm6sCfBdhgBgi+IcyUhqxwHCwxrPqzEs75Sa3U/6k +kV3AqFwhHYtUj2fBNlfJ1efV8fW+WLboJkHbi2LXmL4NBvHTNjK3NprffFrQ/QJU +oYsMQdeWQZD+3p8w1fPb0sXEDL6LQgjAjyDaqOiX8XrQ8nr3n4FpTI38/OIIfS69 +IHtgo5yv0CMfN+C6LAHOE0aDHRoY6+TVVgr1Z/X2VqJQJONii0dQ5ttDHYnUpzu0 +vWsdvVjsyhkLa2yhUB7UyWusZo0HZRSAcf1pNlpp5rCtJad9to7OvOL3qb5GluAK +/5eZE6RzgyGOjtOx0IgQ+l4ThQCTbkoVEtB59IEeP/+Sq2RmFfdGiGgC3Wnrga8b +gkuXXbjZboptSku6N1ZO1r99wd0qIHzrtVCONGLGfVBy7X6nDO2pC9IUOXycMji7 +B5J0toyDWt6UzlLQasmz8Be7NZJCkDd2jlSKorZtdynsXbRkX1H4by9kI8kEcgK7 +ICE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-openssl.cnf new file mode 100644 index 0000000..bf4131f --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-openssl.cnf @@ -0,0 +1,250 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Domain Controllers + +commonName = Common Name (eg, YOUR name) +commonName_default = localdc.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = ca-samba.example.com@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_mskdc ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a domain controller certificate. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +nsCertType = server + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Domain Controller Certificate localdc.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=@dc_subjalt + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for our domain controller certs +# serverAuth - says cert can be used to identify an ssl/tls server +# msKDC - says cert can be used to identify a Kerberos Domain Controller. +extendedKeyUsage = clientAuth,serverAuth,msKDC + +[dc_subjalt] +DNS=localdc.samba.example.com +otherName=msADGUID;FORMAT:HEX,OCTETSTRING:0123456789ABCDEF diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private-key.pem new file mode 100644 index 0000000..546b292 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private-key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEA5qR2zuhj/lf5o67grU3iFY7YJ8h9fyux6KpQj5T5x3E/UjKR +0W1SIl/NjcxiFnqLWGXtB/fqJNOI2CbK6+wWp4QcfhVGZAkiRrndXAeEUKdOMT8B +I9H4NgQau9TlttQbXBbJnjeKPql9MCRAsrVEQPpcb9U+/zLC5yQK5OSqn/9MrL43 +WCIIFg72py+1bE+se6SCqJ84ZBducrZ8TMVEKgq0JQ2wDKuYSvkaGsmmWfQApQpv +CtClNMoP9A77ute7Pix8DGhrJv8cKf53+TCFDUSMr5CKcJNdOrYYi6WFEVyjXVcW +3cfIAPEFccJuBzw3aTZ8EsWeG2kRRUQe67mylrGJzU36ieuSSfJGNfOdhzy+5Pi3 +Mac2S4F2m7IE1YB9T+YC7SRMoAPEnQCfnXGTDaW4N2IrA8O9JCUsw0PUyCewbQXU +xsXYWwmU6Cdr2W23vN52v9WcNiYEuZcd8MmNkZOCMg23FpdBMZoiCy66mVEoa/UE +usk9Vwxy6OEkGtQqaufjtrmUYeNOQoHlQ+Qe723EXaT5tOw6ijT+tceo/hmNz30b +YCG6JW81zU9yKEJ9hwiq2jN+Y+ZbX+cBqOML0whapt/q5ysTSKeDMpbEutH/FWZS +M4ZGX8KfWUoAmLcboYcl361oW/cmFyvrhGKdw72ZZ2oCXXByPhiSmYy92U8CAwEA +AQKCAgBqVMxJW64t5lU69zax70QZ+D8DKFVjObvNridx6pa1MiqlNJcxXBsPqedU +RjO6dUikumjq0Yrq63MdY9UNq0xOcoPIRPqsx+E7hhjdgsGnhVpxLcDSyMyL6pyA +mAhHn8X1ULQm8ygS94S1myEQwqzy3/mZvVBLyxU8BsvW9u0K0mKBCTjustHTiZaB +QWd8xcaZQiDSqIUQ8BSFYkgwBIoGb+TZaFQPo1SUy/8S9oBw3CMn84V6EPL5QWbV +d8rqOuciJNQTzFgKJHbRjXW2Nn5Avae2kQaiG+5RUP5D801D0denAq2SFbbJaFTA +O4kKYOKS6QGOjfj0Xh4ONveiaXxBSPpIJSvbjAV+Nq92NVkZ35jiPqGZzebhzzoD +mU6mMvRoL/FHs9PKNZF1Cd4EP1SdLhiImj+1eajfYvHAlz6kIJxTue0BFkh13uwp +amx48wB7e/W8t8lqixICf1HlCv+EQGN6aka5dHMqJobXhkt9npz53+AYdpc8Sjs9 +QlFplYoOgkaHvzLv9yeZPOT5Xr32weE6KpM+SwvpVxfttbkvqrWoOoEcDARuVqiS +TRzS/ZDiEn+Kcgm7pJ3i2nTAIBzwC4z91HJbeVXNpptkZJEgjXM8XjSArHjDrkl1 +EGKARlkTn576XMGWSkF/bmEBiG0KIhTu+DmwsQvR+564tjV98QKCAQEA+aS7ygjL +aRj5JZKMt3VWZRntK20m04iY0wGDNs+p+nFRJjCDAUhTTOl9++vlJYe8HO9iXzUv +O51tGnzrck9+gUVlFghrw0dJ+mY0+1bSt2aLNUmlfvv1uRpm9Pd3xbQ6e3Kpf/r1 +ew6IpG8I6pvpVJXJ3FQZpSOlTP9dyRxMNzdILGzzPrb+2r0j6Oc/y3+adBiXB3Yg +QPfFJRJZA4k2Wk/qSi9NR/yWHaY0krO68l8l2zn1AKaIoVVqtxVTQ7qUBWNXzVMe +ULtAvO1Bonh+C+zYcNJjSBeYWeJ7pbp/ozDe6M2DuJMv4aW6oV6tGcMF9NOd1pFx +qiC8vIVPZ3rJ9QKCAQEA7IPf9CAaDUScu2/Ry9z1RaISU4BMi/30poc80Zy2hC18 +vP8aiHVlQdkdzdKYGweaYNQpszGeBcHK51y6V11vwCNQRrCoUp9VbICp7ok2O4y8 +w9r+q4GcYthHeMhEnHDo4R/uHKEJCYS012RLlLSXMa0Dfl1sOv8mVuIEaZoRJrAq +Xzxz9KX7MFv5Zb8TvVL6fHEXmdMmmoiZnyNplH+3LMj6duoNaxjtsoixCkuRTXE7 +Cav118q+QWae+yhIonF+HRIa/G0doqHa+P9rl18FUnxfAf91Z70SSJ2oOtuWjd1J +37eG4d7skpAoWWdXNpCqpJnsPLlSlBqKmYrN5CM3swKCAQBAfV/Np0v00HC8Vgln +8zXoVDRCfaYEC0t/ZuqgpDDC87cE6I9PK4HpYoAbLis58MCVsPl2ouSav+ZJa2/f +Tc3eUzDz6iT8g1QHDZQuQZWZrzHTCD1qemhV8w4Zxjv4pMBe15YV65yyt2RxJgXl +pXU3VqKY+ljNolG3fFib9WVy9iL85wBHeTqJA0ddiS+fwE0EJL4PPWLDpb4V/5Fj +KnUSC4b4txN9vzCAZEk8hJWMuyuqYGR8UIkHNGum9ClYW8CVS76I2ioArP7iT2Af +OoVFS1/2dUMUgpPm1G0guPb0D1HmTgDzE4LRBeEagryw5QKK5oflwBje3ColgUKr +9rppAoIBAH9t9gXkHeU0KHXco16BaCziS5ltsNBkPaJTjvMoyjWhBGoX0EXhanL1 +9dblNkqp6AVviiAgBZH4fcf17/gOQZ116VSM7cPGURIqqGP6zZt8EmA756akKIwh +FzD+Rek79F0HBRWrteDI/V5njUlLm4KKQy2cTCnlOtTo5ZO4DLGZjNrPCXKw0wuV +ImQtdQc2Y/sUO7EHUO9F1e8l90apIRoiFsBnDl+7iKX+e9SeLmVZMoPdgJGJjMRT +9ChB5hCPsXEcRinm6GataftqMp/V9Foi5FWBO9JuziENwIwlr5Izvg+pJCUiJLg6 +r2KsCRM/EpGo1N1KxDFDs5VScegPCX0CggEAWCJ0+KmHbA4F+vDjYW1wNE1MBKee +4Q+nnX45oEHDM+J5da2Ov2IhblzVX/vJaVtI2rwSXCkM3x7ByAXwewNa4BA/eGG/ +v2MPs21f9GcLkpLv0xz+pILkeeNk+e0yIYE4jWQGFMlYh7cNLStDSw6XNU/9IKeO +r2gQjAqS/pMGBMS3FOcd2S+/gMjJom2GaWLhGdJAGdmtGh2EbFku5+WDL76pyAaN +BHEGD91PSER5nEGS9ho81IPDrIm0LVcp6xMRD6PWput/0gcC3Zun1ZDo9oJA1AsS +NMnm6c14ASh/1KQUx9XkC1hUmBVhb4UA4EshT4oXffTHpDMlA6yWqlkReg== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private.p12 b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private.p12 Binary files differnew file mode 100644 index 0000000..1d2e431 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-req.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-req.pem new file mode 100644 index 0000000..d2647cc --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-req.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFDzCCAvcCAQAwgckxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +GzAZBgNVBAsMEkRvbWFpbiBDb250cm9sbGVyczEiMCAGA1UEAwwZbG9jYWxkYy5z +YW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJARYmY2Etc2FtYmEuZXhhbXBs +ZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDmpHbO6GP+V/mjruCtTeIVjtgnyH1/K7HoqlCPlPnHcT9SMpHRbVIi +X82NzGIWeotYZe0H9+ok04jYJsrr7BanhBx+FUZkCSJGud1cB4RQp04xPwEj0fg2 +BBq71OW21BtcFsmeN4o+qX0wJECytURA+lxv1T7/MsLnJArk5Kqf/0ysvjdYIggW +DvanL7VsT6x7pIKonzhkF25ytnxMxUQqCrQlDbAMq5hK+RoayaZZ9AClCm8K0KU0 +yg/0Dvu617s+LHwMaGsm/xwp/nf5MIUNRIyvkIpwk106thiLpYURXKNdVxbdx8gA +8QVxwm4HPDdpNnwSxZ4baRFFRB7rubKWsYnNTfqJ65JJ8kY1852HPL7k+LcxpzZL +gXabsgTVgH1P5gLtJEygA8SdAJ+dcZMNpbg3YisDw70kJSzDQ9TIJ7BtBdTGxdhb +CZToJ2vZbbe83na/1Zw2JgS5lx3wyY2Rk4IyDbcWl0ExmiILLrqZUShr9QS6yT1X +DHLo4SQa1Cpq5+O2uZRh405CgeVD5B7vbcRdpPm07DqKNP61x6j+GY3PfRtgIbol +bzXNT3IoQn2HCKraM35j5ltf5wGo4wvTCFqm3+rnKxNIp4MylsS60f8VZlIzhkZf +wp9ZSgCYtxuhhyXfrWhb9yYXK+uEYp3DvZlnagJdcHI+GJKZjL3ZTwIDAQABoAAw +DQYJKoZIhvcNAQELBQADggIBAFRI0PRZO7XlWIpWUC0wc3KjVvTGxieaalJdPC/j +dxT7lBkSTHGjbeLIkqjVAuhONziKT2RP9QxzK2sa9jxIi5zR1byZv500suTez+96 +KkqSnFTgM4nwJdv2S8x0uBPmlREL4K1I0FGZX29wd0bqFhBQqSzVQvQqGSiqSJfU +KkIys1tAIrC7DfNvfhogIrupuN8clluLe0T25qxGeaqXN+EYB7U/O+4FZccpGoeP +dHO2zYeRib0oGTlnk1noRmlqgXPEKfzoWMJ2cUkexlRy1ajW0r1rvcIgc1rPnB8h +6c6YhFGwbYW54/I6tLxJc5pyWCQNH/uYEeFnGs/w85lPKvLM0RXsQ7rfnDRv3LOj +Mex+3whmIs5dAVdQQMy0ngsbPpaR+5Ry8eWAPmwnRXwVaysGgmTysVCzFGqSO3ul +7FgbKEEM1cNe4+Gvl2LEl+aJ5CB1DBslDjXMQVwLMpAU2sthJurhujx3/j598IUp +why48F4056Uf33CncLSEriykIEFXUionXUxtDsCaS13+CfKw+gUJJRsg4ZWqrY6M +b0KHAtzq4g7lFZ+XaXpGdxntqGOrgxfcgWBRhJnp35ILoMFNV2OHjySnF6SWDJvP +AY9IQsUDiMruNjCS9s5zaH7KqmJJ+pgcjVSholozUEI2J3hUpq3KFsE20Cyi+YbO +kTlo +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-cert.pem new file mode 120000 index 0000000..b7549bb --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-cert.pem @@ -0,0 +1 @@ +DC-localdc.samba.example.com-S00-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-private-key.pem new file mode 120000 index 0000000..21601b4 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-private-key.pem @@ -0,0 +1 @@ +DC-localdc.samba.example.com-S00-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/00.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/00.pem new file mode 100644 index 0000000..7b1b6a1 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/00.pem @@ -0,0 +1,190 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:28:44 2016 GMT + Not After : Mar 11 23:28:44 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=localdc.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:e6:a4:76:ce:e8:63:fe:57:f9:a3:ae:e0:ad:4d: + e2:15:8e:d8:27:c8:7d:7f:2b:b1:e8:aa:50:8f:94: + f9:c7:71:3f:52:32:91:d1:6d:52:22:5f:cd:8d:cc: + 62:16:7a:8b:58:65:ed:07:f7:ea:24:d3:88:d8:26: + ca:eb:ec:16:a7:84:1c:7e:15:46:64:09:22:46:b9: + dd:5c:07:84:50:a7:4e:31:3f:01:23:d1:f8:36:04: + 1a:bb:d4:e5:b6:d4:1b:5c:16:c9:9e:37:8a:3e:a9: + 7d:30:24:40:b2:b5:44:40:fa:5c:6f:d5:3e:ff:32: + c2:e7:24:0a:e4:e4:aa:9f:ff:4c:ac:be:37:58:22: + 08:16:0e:f6:a7:2f:b5:6c:4f:ac:7b:a4:82:a8:9f: + 38:64:17:6e:72:b6:7c:4c:c5:44:2a:0a:b4:25:0d: + b0:0c:ab:98:4a:f9:1a:1a:c9:a6:59:f4:00:a5:0a: + 6f:0a:d0:a5:34:ca:0f:f4:0e:fb:ba:d7:bb:3e:2c: + 7c:0c:68:6b:26:ff:1c:29:fe:77:f9:30:85:0d:44: + 8c:af:90:8a:70:93:5d:3a:b6:18:8b:a5:85:11:5c: + a3:5d:57:16:dd:c7:c8:00:f1:05:71:c2:6e:07:3c: + 37:69:36:7c:12:c5:9e:1b:69:11:45:44:1e:eb:b9: + b2:96:b1:89:cd:4d:fa:89:eb:92:49:f2:46:35:f3: + 9d:87:3c:be:e4:f8:b7:31:a7:36:4b:81:76:9b:b2: + 04:d5:80:7d:4f:e6:02:ed:24:4c:a0:03:c4:9d:00: + 9f:9d:71:93:0d:a5:b8:37:62:2b:03:c3:bd:24:25: + 2c:c3:43:d4:c8:27:b0:6d:05:d4:c6:c5:d8:5b:09: + 94:e8:27:6b:d9:6d:b7:bc:de:76:bf:d5:9c:36:26: + 04:b9:97:1d:f0:c9:8d:91:93:82:32:0d:b7:16:97: + 41:31:9a:22:0b:2e:ba:99:51:28:6b:f5:04:ba:c9: + 3d:57:0c:72:e8:e1:24:1a:d4:2a:6a:e7:e3:b6:b9: + 94:61:e3:4e:42:81:e5:43:e4:1e:ef:6d:c4:5d:a4: + f9:b4:ec:3a:8a:34:fe:b5:c7:a8:fe:19:8d:cf:7d: + 1b:60:21:ba:25:6f:35:cd:4f:72:28:42:7d:87:08: + aa:da:33:7e:63:e6:5b:5f:e7:01:a8:e3:0b:d3:08: + 5a:a6:df:ea:e7:2b:13:48:a7:83:32:96:c4:ba:d1: + ff:15:66:52:33:86:46:5f:c2:9f:59:4a:00:98:b7: + 1b:a1:87:25:df:ad:68:5b:f7:26:17:2b:eb:84:62: + 9d:c3:bd:99:67:6a:02:5d:70:72:3e:18:92:99:8c: + bd:d9:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate localdc.samba.example.com + X509v3 Subject Key Identifier: + E1:DF:73:0B:F1:3E:86:43:A4:B3:E9:8D:44:7D:3C:B2:19:C1:BC:F2 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:localdc.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 89:2c:57:98:17:c1:73:a6:10:02:6f:a6:ac:47:1c:37:2d:1d: + a1:3c:c5:29:b6:3a:e6:e8:14:ec:3b:74:ee:da:db:2d:97:3e: + d3:8c:9d:42:7e:b0:46:e9:54:74:4f:34:df:9e:34:7f:9e:8a: + 9d:4d:b2:cf:fb:71:3f:cb:32:e6:45:e7:b4:d3:9e:e8:ca:a5: + cf:16:7b:76:b5:4e:e0:b9:bb:79:b1:82:a7:d3:23:cb:3c:46: + 63:63:96:b3:5b:62:9e:99:dc:02:17:f9:07:63:86:76:06:1a: + 02:1b:9a:df:1d:cd:e7:46:fe:9a:13:87:47:dd:e2:77:58:50: + a2:6c:c9:a0:f8:14:1f:3b:d7:59:9c:89:bd:2e:2d:ce:60:f4: + c6:2c:e3:63:cf:34:84:61:d9:90:2e:90:fc:5b:4f:a2:00:87: + e7:40:e0:fc:d1:24:8b:d0:28:01:d3:53:ac:b1:58:7f:87:29: + 38:56:93:dd:a2:14:4a:9a:94:b9:f8:94:b2:04:47:db:b8:38: + e6:85:2b:cf:d4:72:88:8b:0d:8e:a0:69:f9:9f:10:22:82:9c: + c5:ec:01:e3:07:a1:69:37:94:25:3a:cd:17:29:37:8d:24:d3: + 27:0f:4d:bf:b0:31:36:b8:c6:a8:69:0b:df:28:f8:e2:dc:da: + 95:3e:7f:d7:3f:a5:8f:92:6a:7d:ad:3a:ac:af:73:2b:5f:f1: + b3:22:92:ef:da:71:84:9e:4b:23:7b:69:b7:29:fc:c5:05:84: + 4b:ff:06:92:ee:f5:9b:14:2a:af:be:ef:02:e1:e7:d0:e8:d0: + 29:7c:48:40:f1:95:bb:08:b2:30:c5:81:80:a8:91:5b:2e:08: + 3b:30:44:07:b5:c4:0b:07:74:ca:5d:37:3d:75:f9:bc:6d:21: + a6:e0:91:d8:f9:27:88:05:58:a7:f4:36:eb:ba:40:63:36:15: + 42:98:0b:e2:d1:c9:11:0b:29:81:e1:c7:02:7e:fa:05:65:51: + 7b:d6:1a:33:46:fc:a5:d4:fd:64:e8:c8:11:d4:d1:41:d9:39: + 18:08:a3:ed:15:70:d9:14:f5:ba:c9:bb:3e:96:8d:5d:cc:c3: + 5c:b6:c8:79:02:2e:e2:a1:06:ba:a5:21:1c:bf:16:7f:2d:d9: + 93:07:92:b1:fa:ee:3f:e3:56:35:f3:30:aa:11:54:d3:71:cb: + 29:d4:60:e1:6c:ae:c4:24:e3:00:4f:5f:52:b0:3f:f4:76:f3: + 6d:db:bc:d8:65:c4:37:be:1a:87:9b:65:c4:20:dd:da:a9:4c: + 9f:86:33:2b:49:a6:f7:aa:ce:da:98:3b:e3:5f:ac:b8:1b:45: + 0e:56:59:fb:49:38:0f:b7:d4:49:f8:7b:ac:fa:d8:b8:1d:16: + db:b2:4c:15:d8:e7:eb:6b:38:ff:d2:69:26:a6:f6:50:15:45: + 2f:12:b2:05:d4:bf:6f:53:79:64:9b:d5:8b:a1:08:3e:43:ee: + 08:fe:9b:ea:83:89:8a:6a:53:98:1e:c5:91:4c:7a:99:2b:6d: + 97:dc:96:1b:de:27:c5:af:0f:dd:42:5c:23:7d:bc:6b:5b:ab: + 47:29:98:35:8f:9e:e6:e1:5f:96:6a:bd:cf:3c:47:89:8b:ad: + 21:de:20:da:99:82:c1:0e:9b:7c:38:21:d8:b1:1c:34:c5:4e: + f7:fe:7d:5e:a4:2f:f8:7d:5c:30:2c:9e:e6:5a:4f:d3:15:90: + e6:6f:69:ea:51:93:8f:2c:dd:a7:c3:3c:50:a8:d1:ba:0b:5c: + cc:2e:4e:57:71:21:08:a1:2c:bd:a7:20:4b:ae:5c:02:7a:cd: + 9a:fe:1e:db:ec:ce:3b:12:37:cb:96:20:7b:3b:b1:5a:2e:84: + 03:f9:0b:32:43:c0:4e:e3:ea:79:e7:9a:13:54:e5:a8:1a:17: + c4:79:78:25:63:ab:67:39:39:a0:6c:c4:c5:94:ac:16:92:3d: + f0:1a:1a:9e:ca:7a:84:1b:c1:5a:5f:4c:65:8a:30:a6:5e:6c: + 0e:ae:bf:ac:09:97:0f:83:5c:92:ce:e4:43:de:06:4b:96:f5: + 46:3b:7d:a8:e3:0f:d3:fe:00:c7:d4:79:4e:5f:bd:ec:59:12: + f9:65:23:fa:e7:97:a2:a6:39:3b:a3:1e:da:47:c5:18:5b:8d: + a7:7b:29:1c:5a:7a:06:c6:92:9e:b7:3b:f0:c5:56:e8:cf:84: + cd:dd:61:0f:21:25:f4:1e:2b:40:b6:74:28:8d:41:f6:2c:1d: + ce:b4:39:d1:e1:be:15:78:c9:d7:99:a1:9d:50:43:da:ec:40: + 69:6a:3b:17:af:28:22:09:e0:7d:38:9e:a7:ca:b7:f7:94:8a: + 2a:1b:32:4e:28:6d:18:95:ca:42:67:c8:bb:13:24:31:43:84: + 3e:95:66:08:5c:15:7f:6b:93:cc:8f:b8:76:7a:fd:74:4a:d6: + 6f:64:74:df:72:f7:34:a3:50:f0:db:bf:0a:2b:1b:48:b7:c9: + c0:97:23:27:b1:56:5b:9e:10:12:5a:bf:ff:38:61:da:41:75: + 15:c5:03:c2:20:fd:7f:84:c0:94:8e:11:ed:01:ba:f1:19:b5: + 05:1d:bf:89:ea:c9:38:4e:d2:cf:5b:24:c6:37:a1:8e:60:89: + 5c:52:ff:7d:5e:2d:c9:f8:b1:79:07:4c:2f:18:85:e8:ba:bf: + 3e:da:59:43:df:29:79:7e:00:38:d2:fc:a9:8e:3b:9d +-----BEGIN CERTIFICATE----- +MIIJ6zCCBdOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI4NDRaFw0zNjAzMTEyMzI4NDRaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSIwIAYDVQQDDBlsb2NhbGRjLnNhbWJhLmV4 +YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1iYS5leGFtcGxlLmNvbUBz +YW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AOakds7oY/5X+aOu4K1N4hWO2CfIfX8rseiqUI+U+cdxP1IykdFtUiJfzY3MYhZ6 +i1hl7Qf36iTTiNgmyuvsFqeEHH4VRmQJIka53VwHhFCnTjE/ASPR+DYEGrvU5bbU +G1wWyZ43ij6pfTAkQLK1RED6XG/VPv8ywuckCuTkqp//TKy+N1giCBYO9qcvtWxP +rHukgqifOGQXbnK2fEzFRCoKtCUNsAyrmEr5GhrJpln0AKUKbwrQpTTKD/QO+7rX +uz4sfAxoayb/HCn+d/kwhQ1EjK+QinCTXTq2GIulhRFco11XFt3HyADxBXHCbgc8 +N2k2fBLFnhtpEUVEHuu5spaxic1N+onrkknyRjXznYc8vuT4tzGnNkuBdpuyBNWA +fU/mAu0kTKADxJ0An51xkw2luDdiKwPDvSQlLMND1MgnsG0F1MbF2FsJlOgna9lt +t7zedr/VnDYmBLmXHfDJjZGTgjINtxaXQTGaIgsuuplRKGv1BLrJPVcMcujhJBrU +Kmrn47a5lGHjTkKB5UPkHu9txF2k+bTsOoo0/rXHqP4Zjc99G2AhuiVvNc1PcihC +fYcIqtozfmPmW1/nAajjC9MIWqbf6ucrE0ingzKWxLrR/xVmUjOGRl/Cn1lKAJi3 +G6GHJd+taFv3Jhcr64RincO9mWdqAl1wcj4YkpmMvdlPAgMBAAGjggHxMIIB7TAJ +BgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEuZXhh +bXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEGCWCG +SAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwRgYJYIZIAYb4QgENBDkWN0RvbWFp +biBDb250cm9sbGVyIENlcnRpZmljYXRlIGxvY2FsZGMuc2FtYmEuZXhhbXBsZS5j +b20wHQYDVR0OBBYEFOHfcwvxPoZDpLPpjUR9PLIZwbzyMB8GA1UdIwQYMBaAFKI+ +Aiqjp005tAhNmcwMdTbqJ8M+MD0GA1UdEQQ2MDSCGWxvY2FsZGMuc2FtYmEuZXhh +bXBsZS5jb22gFwYJKwYBBAGCNxkBoAoECAEjRWeJq83vMDEGA1UdEgQqMCiBJmNh +LXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0GCWCGSAGG+EIB +BARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEu +ZXhhbXBsZS5jb20tY3JsLmNybDAmBgNVHSUEHzAdBggrBgEFBQcDAgYIKwYBBQUH +AwEGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggQBAIksV5gXwXOmEAJvpqxHHDct +HaE8xSm2OuboFOw7dO7a2y2XPtOMnUJ+sEbpVHRPNN+eNH+eip1Nss/7cT/LMuZF +57TTnujKpc8We3a1TuC5u3mxgqfTI8s8RmNjlrNbYp6Z3AIX+QdjhnYGGgIbmt8d +zedG/poTh0fd4ndYUKJsyaD4FB8711mcib0uLc5g9MYs42PPNIRh2ZAukPxbT6IA +h+dA4PzRJIvQKAHTU6yxWH+HKThWk92iFEqalLn4lLIER9u4OOaFK8/UcoiLDY6g +afmfECKCnMXsAeMHoWk3lCU6zRcpN40k0ycPTb+wMTa4xqhpC98o+OLc2pU+f9c/ +pY+San2tOqyvcytf8bMiku/acYSeSyN7abcp/MUFhEv/BpLu9ZsUKq++7wLh59Do +0Cl8SEDxlbsIsjDFgYCokVsuCDswRAe1xAsHdMpdNz11+bxtIabgkdj5J4gFWKf0 +Nuu6QGM2FUKYC+LRyRELKYHhxwJ++gVlUXvWGjNG/KXU/WToyBHU0UHZORgIo+0V +cNkU9brJuz6WjV3Mw1y2yHkCLuKhBrqlIRy/Fn8t2ZMHkrH67j/jVjXzMKoRVNNx +yynUYOFsrsQk4wBPX1KwP/R2823bvNhlxDe+GoebZcQg3dqpTJ+GMytJpveqztqY +O+NfrLgbRQ5WWftJOA+31En4e6z62LgdFtuyTBXY5+trOP/SaSam9lAVRS8SsgXU +v29TeWSb1YuhCD5D7gj+m+qDiYpqU5gexZFMepkrbZfclhveJ8WvD91CXCN9vGtb +q0cpmDWPnubhX5Zqvc88R4mLrSHeINqZgsEOm3w4IdixHDTFTvf+fV6kL/h9XDAs +nuZaT9MVkOZvaepRk48s3afDPFCo0boLXMwuTldxIQihLL2nIEuuXAJ6zZr+Htvs +zjsSN8uWIHs7sVouhAP5CzJDwE7j6nnnmhNU5agaF8R5eCVjq2c5OaBsxMWUrBaS +PfAaGp7KeoQbwVpfTGWKMKZebA6uv6wJlw+DXJLO5EPeBkuW9UY7fajjD9P+AMfU +eU5fvexZEvllI/rnl6KmOTujHtpHxRhbjad7KRxaegbGkp63O/DFVujPhM3dYQ8h +JfQeK0C2dCiNQfYsHc60OdHhvhV4ydeZoZ1QQ9rsQGlqOxevKCIJ4H04nqfKt/eU +iiobMk4obRiVykJnyLsTJDFDhD6VZghcFX9rk8yPuHZ6/XRK1m9kdN9y9zSjUPDb +vworG0i3ycCXIyexVlueEBJav/84YdpBdRXFA8Ig/X+EwJSOEe0BuvEZtQUdv4nq +yThO0s9bJMY3oY5giVxS/31eLcn4sXkHTC8Yhei6vz7aWUPfKXl+ADjS/KmOO50= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/01.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/01.pem new file mode 100644 index 0000000..4ab5d5a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/01.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:29:04 2016 GMT + Not After : Mar 11 23:29:04 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@samba.example.com/emailAddress=administrator@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:af:87:9e:1e:7f:c0:ab:da:47:22:74:d0:df:01: + f1:67:6c:ac:c4:b7:d9:18:97:e5:7a:62:76:33:b6: + 52:f2:92:90:75:ac:a3:94:7e:0c:29:75:c9:83:2f: + 19:66:60:84:45:ff:d5:a9:bd:c5:3a:a2:d8:25:cf: + 15:8a:23:3e:09:73:2f:99:1d:24:1f:e6:96:7e:7b: + c4:1e:8d:55:5b:c1:18:69:cd:1d:b4:22:d5:7b:db: + 5e:7c:91:f2:8e:c1:03:30:ee:63:46:5a:54:d5:40: + ac:79:55:00:71:07:8d:3e:0e:ed:ff:93:6c:f1:2d: + 84:c1:51:a3:7c:49:cf:ff:85:7b:c0:64:c1:ba:c8: + 66:7a:ff:17:2a:74:ea:16:6a:1d:97:c0:27:57:10: + be:76:f5:9a:63:56:c7:25:c6:fc:a7:5e:00:a6:1a: + 3d:21:bd:7a:f9:e3:03:60:ce:df:16:06:fc:05:bc: + d1:c8:5d:e7:33:ed:52:8b:60:5b:60:c5:70:13:1d: + c1:b3:08:13:09:3b:05:e8:02:40:12:45:89:af:87: + 1f:6a:8f:62:ce:1e:17:13:34:82:81:86:e9:bb:85: + 5b:75:1d:f4:3a:02:b4:a6:58:23:fe:c3:3a:35:09: + 95:bb:f7:79:bc:e3:97:e6:6d:77:24:aa:2d:51:50: + 37:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@samba.example.com + X509v3 Subject Key Identifier: + 45:DA:4B:8D:05:9C:62:4E:62:C3:D7:5C:5F:D3:D9:85:B4:9B:F2:2C + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + a2:bb:e6:97:67:3c:b6:6e:6e:dd:34:99:16:c6:80:91:08:bf: + 91:ba:51:62:5d:76:2f:e5:53:91:3d:99:03:18:a9:84:69:73: + 76:66:c3:eb:56:d7:c5:40:91:15:da:de:b2:76:48:7d:8a:8c: + 80:79:3c:e6:da:0e:a6:c3:53:d6:74:ee:5f:29:b7:03:46:de: + 89:32:14:22:03:30:68:2e:7e:06:d4:ac:9e:82:c0:02:16:7f: + 81:ba:ee:7a:e7:8b:f7:fb:99:7f:8c:eb:78:54:97:4e:28:44: + da:f4:e2:1b:f8:3e:ac:ca:cc:e3:e3:71:90:91:47:9c:78:ed: + 6f:bc:b7:98:12:ea:75:e5:15:f7:26:56:a7:5c:d6:74:a8:13: + 7b:23:35:4e:6a:01:f6:a9:f5:5b:9b:d0:ea:ba:0f:c3:c4:1a: + e0:b9:a3:ed:5d:28:cb:7f:1d:3e:8a:9a:af:4c:88:00:3c:10: + f0:49:85:24:60:e6:cb:d6:9e:00:46:78:4d:90:22:68:4f:10: + 39:84:3b:e2:7c:3d:ed:23:41:19:7e:6f:45:59:89:a9:9f:26: + c1:f9:7d:4d:0a:b4:10:f9:31:7d:cc:87:d0:4b:62:14:70:86: + c8:7d:14:ff:e4:68:e2:de:42:ca:01:c7:aa:2d:5a:a5:72:64: + f1:4c:fa:6e:60:15:22:08:68:e6:c6:6a:75:63:24:b5:54:76: + d1:97:4f:e0:e8:bc:eb:d0:62:84:4a:b4:3a:07:38:5f:b9:a6: + 6a:31:14:47:33:81:bd:d0:a4:a2:da:2b:92:0d:dc:42:c4:0f: + 28:0d:b6:1b:33:b5:88:df:1b:a8:d8:90:9a:11:ce:df:d4:14: + e9:ac:94:94:95:bb:bc:6e:f1:be:85:29:3f:17:ab:41:14:d8: + 20:ba:e0:a2:a3:d3:d4:8b:1e:4b:32:22:8d:0d:c1:e6:39:1a: + ce:cd:f3:1d:f1:82:85:d5:e7:80:34:90:a4:0e:d4:af:32:c8: + 79:4e:25:32:b6:1e:06:3a:26:42:38:47:1a:32:96:71:5b:fe: + 5b:b0:ef:7d:fe:58:ca:eb:b5:c9:4b:2f:12:cb:89:36:22:7c: + a6:39:ab:20:c1:2d:cd:6b:34:e1:cd:bc:ed:45:45:12:4a:65: + 4b:ab:45:f2:6d:7a:9d:f8:b5:52:78:1b:da:2f:e0:ce:f7:e2: + b0:fa:6f:40:3d:dd:e9:39:c3:63:68:ab:77:53:be:3b:dd:9a: + bc:d7:d7:fa:6a:bf:bf:74:f7:11:80:87:f9:d3:45:eb:1e:8e: + d1:a9:a0:2e:66:e7:20:67:1c:4c:22:43:77:85:ff:1a:23:37: + cc:49:de:51:ee:f2:04:2f:a8:98:88:0f:b6:18:53:eb:e2:49: + 15:5e:02:8b:1e:7b:e6:c5:d1:0c:df:84:4e:d9:bd:fe:21:48: + d4:a4:11:01:27:57:51:d6:c1:b2:a1:1c:11:9a:a7:d1:ab:f0: + 99:16:b2:c8:3f:74:25:68:0b:1a:cf:58:0d:cd:cc:1a:6d:8b: + ec:1f:70:82:02:40:97:0f:75:2c:53:87:c1:42:5c:d1:7e:19: + 78:2c:2c:88:73:33:81:63:38:84:07:0f:16:bb:7c:54:59:03: + 94:e7:b8:85:d7:f8:5e:53:35:65:2e:e5:27:65:be:f0:89:65: + f6:ab:3f:6e:a5:bd:c1:1a:9e:31:30:68:6e:50:af:54:4c:33: + f8:73:2f:41:60:4f:4c:85:1b:ad:7d:db:62:42:dc:87:96:b4: + cf:ce:12:50:ed:6c:01:5f:e2:f9:03:f5:f7:4c:6c:8f:2b:5b: + 7a:64:7d:19:e8:20:f2:e9:10:58:f3:71:0e:1e:58:68:f2:59: + 3c:06:53:7a:f3:60:62:5b:c7:b7:83:58:1d:3d:a6:17:db:33: + cc:91:14:af:d6:b9:08:bf:60:af:ac:3e:fe:8b:74:71:20:c7: + e7:31:5e:26:6c:28:52:67:12:1e:c3:9b:89:23:5d:88:ee:b0: + 6b:db:cc:94:8b:9b:1b:40:b7:66:bc:7d:1d:e1:08:00:20:ba: + 41:cd:17:d6:4c:7b:c4:5a:fd:cf:6b:20:e2:b8:86:9c:31:17: + c2:d7:7f:1c:3a:d0:fc:1d:f5:7f:c9:96:04:27:de:b8:ef:8d: + 38:9a:b3:56:60:ac:c2:07:38:64:19:39:9e:73:6f:ba:59:15: + ac:45:42:4d:bb:79:60:7f:ae:c3:8d:63:4a:27:16:0a:ca:92: + 7f:f7:a2:02:76:f5:e6:7c:ec:ba:ea:18:cd:9c:3b:ee:37:2c: + 9d:78:4e:c9:40:6d:94:cc:ce:ca:f4:33:fc:a4:dd:05:62:d6: + 0f:1e:19:63:af:10:c3:ff:02:1a:0a:48:fd:af:f2:a4:0e:64: + dd:90:f4:4f:14:1b:90:1f:9e:29:b0:0b:94:a4:d1:2a:87:b9: + 3a:76:c2:b6:af:c3:d4:84:6e:85:1c:64:73:46:d0:df:72:c0: + 3c:42:91:c4:30:10:11:18:36:bc:e5:17:36:22:5f:c2:3f:ac: + 1d:2e:9d:87:11:be:a7:ac:b2:62:35:74:b9:27:27:95:bc:c1: + 11:44:f8:64:36:60:74:06:a2:e7:e9:76:be:a7:86:5e:18:1e: + bd:dc:b0:aa:ae:92:d6:dd:d6:25:80:d6:c1:be:c1:21:1c:01: + 6f:83:20:ae:b7:54:4f:3d:2d:12:fc:a2:cc:49:fd:59 +-----BEGIN CERTIFICATE----- +MIII/TCCBOWgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI5MDRaFw0zNjAzMTEyMzI5MDRaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxKDAmBgNVBAMMH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5j +b20xLjAsBgkqhkiG9w0BCQEWH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvh54ef8Cr2kcidNDf +AfFnbKzEt9kYl+V6YnYztlLykpB1rKOUfgwpdcmDLxlmYIRF/9WpvcU6otglzxWK +Iz4Jcy+ZHSQf5pZ+e8QejVVbwRhpzR20ItV72158kfKOwQMw7mNGWlTVQKx5VQBx +B40+Du3/k2zxLYTBUaN8Sc//hXvAZMG6yGZ6/xcqdOoWah2XwCdXEL529ZpjVscl +xvynXgCmGj0hvXr54wNgzt8WBvwFvNHIXecz7VKLYFtgxXATHcGzCBMJOwXoAkAS +RYmvhx9qj2LOHhcTNIKBhum7hVt1HfQ6ArSmWCP+wzo1CZW793m845fmbXckqi1R +UDdpAgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0 +dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl +LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ +YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIGFk +bWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFEXaS40FnGJO +YsPXXF/T2YW0m/IsMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG +A1UdEQRUMFKBH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB +BAGCNxQCA6AhDB9hZG1pbmlzdHJhdG9yQHNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD +AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEAorvml2c8tm5u3TSZFsaA +kQi/kbpRYl12L+VTkT2ZAxiphGlzdmbD61bXxUCRFdresnZIfYqMgHk85toOpsNT +1nTuXym3A0beiTIUIgMwaC5+BtSsnoLAAhZ/gbrueueL9/uZf4zreFSXTihE2vTi +G/g+rMrM4+NxkJFHnHjtb7y3mBLqdeUV9yZWp1zWdKgTeyM1TmoB9qn1W5vQ6roP +w8Qa4Lmj7V0oy38dPoqar0yIADwQ8EmFJGDmy9aeAEZ4TZAiaE8QOYQ74nw97SNB +GX5vRVmJqZ8mwfl9TQq0EPkxfcyH0EtiFHCGyH0U/+Ro4t5CygHHqi1apXJk8Uz6 +bmAVIgho5sZqdWMktVR20ZdP4Oi869BihEq0Ogc4X7mmajEURzOBvdCkotorkg3c +QsQPKA22GzO1iN8bqNiQmhHO39QU6ayUlJW7vG7xvoUpPxerQRTYILrgoqPT1Ise +SzIijQ3B5jkazs3zHfGChdXngDSQpA7UrzLIeU4lMrYeBjomQjhHGjKWcVv+W7Dv +ff5Yyuu1yUsvEsuJNiJ8pjmrIMEtzWs04c287UVFEkplS6tF8m16nfi1Ungb2i/g +zvfisPpvQD3d6TnDY2ird1O+O92avNfX+mq/v3T3EYCH+dNF6x6O0amgLmbnIGcc +TCJDd4X/GiM3zEneUe7yBC+omIgPthhT6+JJFV4Cix575sXRDN+ETtm9/iFI1KQR +ASdXUdbBsqEcEZqn0avwmRayyD90JWgLGs9YDc3MGm2L7B9wggJAlw91LFOHwUJc +0X4ZeCwsiHMzgWM4hAcPFrt8VFkDlOe4hdf4XlM1ZS7lJ2W+8Ill9qs/bqW9wRqe +MTBoblCvVEwz+HMvQWBPTIUbrX3bYkLch5a0z84SUO1sAV/i+QP190xsjytbemR9 +Gegg8ukQWPNxDh5YaPJZPAZTevNgYlvHt4NYHT2mF9szzJEUr9a5CL9gr6w+/ot0 +cSDH5zFeJmwoUmcSHsObiSNdiO6wa9vMlIubG0C3Zrx9HeEIACC6Qc0X1kx7xFr9 +z2sg4riGnDEXwtd/HDrQ/B31f8mWBCfeuO+NOJqzVmCswgc4ZBk5nnNvulkVrEVC +Tbt5YH+uw41jSicWCsqSf/eiAnb15nzsuuoYzZw77jcsnXhOyUBtlMzOyvQz/KTd +BWLWDx4ZY68Qw/8CGgpI/a/ypA5k3ZD0TxQbkB+eKbALlKTRKoe5OnbCtq/D1IRu +hRxkc0bQ33LAPEKRxDAQERg2vOUXNiJfwj+sHS6dhxG+p6yyYjV0uScnlbzBEUT4 +ZDZgdAai5+l2vqeGXhgevdywqq6S1t3WJYDWwb7BIRwBb4MgrrdUTz0tEvyizEn9 +WQ== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/02.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/02.pem new file mode 100644 index 0000000..2e2a8b9 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/02.pem @@ -0,0 +1,191 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:29:25 2016 GMT + Not After : Mar 11 23:29:25 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addc.addom.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a6:c4:a9:bf:75:ea:4c:8d:3b:fd:8a:0f:b0:a2: + b6:c7:a8:1f:e4:0e:3e:41:ef:d6:10:48:77:7b:4e: + 4c:59:e1:bf:6d:c7:18:7b:a8:01:a7:d5:d2:2c:21: + 3e:d0:1a:da:58:03:e8:42:f1:53:0e:a7:91:b9:2c: + b9:e7:7a:c9:de:5e:ed:4c:93:6b:cc:dd:17:d0:c7: + d1:f1:7c:3d:0d:6f:df:5d:53:5a:b1:1f:a3:7b:5b: + 41:65:0c:7c:ea:53:df:bb:da:41:15:da:49:e3:b9: + 2d:bb:b5:af:ef:8c:b8:84:74:d0:18:16:8e:5c:e4: + c2:e7:a1:87:8f:e3:87:8b:0b:bb:90:30:e8:e0:f3: + eb:c0:50:5f:b5:7f:54:9a:1b:34:43:fd:be:5a:80: + 6e:0f:63:a2:b3:79:42:4a:85:c8:07:c7:82:55:23: + 88:d4:4e:03:2f:f1:95:bd:ed:15:2d:3e:16:cd:ff: + c7:9b:03:29:36:a6:5d:c9:1a:1e:89:a5:ba:66:83: + 0f:96:a8:07:9f:24:b9:1b:8f:02:9a:b8:50:29:8b: + be:63:45:fa:45:c3:38:23:a0:98:3a:b4:6b:42:99: + 13:36:4b:84:ef:27:89:39:34:79:f8:67:16:7b:9c: + 2a:03:41:15:63:46:e4:db:2f:f2:3e:6d:fe:7c:20: + 1e:9f:02:48:a4:bc:15:42:a6:f8:38:86:dc:6b:7c: + 4e:67:a3:31:81:8e:b6:30:1a:eb:3d:08:25:19:5f: + 42:dc:39:ec:79:1d:30:0a:fb:16:8f:3d:19:14:cc: + f5:af:d7:c6:75:cf:b3:96:a2:b2:9b:d9:03:01:a3: + ca:88:1d:72:ed:6f:d1:bf:57:56:8e:b9:07:9b:b9: + 04:13:1e:0b:5a:06:6b:2b:43:a2:dc:d5:b7:f4:ba: + d3:ae:9d:ad:fd:d3:8a:7c:2f:87:32:fa:89:88:58: + 00:ae:16:2b:9c:1d:58:82:4d:e5:21:da:d5:6c:f7: + a8:40:8b:c7:02:d5:36:30:ef:3f:09:9b:a6:d2:31: + a3:bf:20:d4:a2:9e:26:c4:b4:c3:0f:0b:6c:00:d1: + 2c:16:b1:2a:eb:06:d9:d5:98:c3:cd:cb:20:68:ad: + 0a:2c:a1:2f:27:41:5c:91:de:49:62:ed:d8:3a:ef: + 68:1c:6d:fe:94:c3:28:68:32:60:08:65:cd:02:9f: + 97:96:2f:0f:87:27:3d:b9:0f:85:62:e8:2b:9a:b4: + f4:d3:d7:c1:93:96:27:23:29:88:b1:39:99:53:3a: + 20:aa:88:44:3b:4a:24:2a:8b:e0:b4:8d:dd:66:30: + df:a6:6e:b7:fc:21:43:16:9e:3e:12:20:c8:7a:30: + c1:3d:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate addc.addom.samba.example.com + X509v3 Subject Key Identifier: + 3D:BC:70:0C:74:D4:B8:85:49:1D:08:84:C4:1B:27:F2:AF:72:37:D3 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:addc.addom.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 9e:8b:bb:0a:7a:dc:c0:94:33:bc:18:a5:e6:4a:1f:ff:8e:21: + b1:8f:33:f0:3e:8b:6c:72:55:c4:47:71:5f:ce:e7:31:ef:5b: + 62:04:b7:57:8f:a8:27:9f:ed:69:d2:ec:a8:0d:e2:76:33:8d: + 41:3a:67:61:5c:53:60:c7:53:ed:d7:99:72:29:1d:ae:d3:ee: + c9:76:1c:6d:18:47:e9:94:dd:2e:97:3f:99:af:b5:f4:a1:7c: + 92:f6:4d:b5:c1:7a:0c:38:ba:d1:b6:19:9a:9f:e2:02:84:d4: + 54:01:38:7b:55:86:4a:ee:3d:85:48:01:da:34:09:69:43:25: + 7e:6e:06:73:e0:b9:7c:b5:9c:4e:9c:b5:52:85:32:62:62:25: + 39:fa:02:4b:51:2e:df:8e:52:17:02:50:f4:99:29:bf:7e:97: + 53:91:12:85:9a:69:62:45:59:c4:5b:3f:af:18:e6:7b:e4:86: + 5d:f1:9e:5a:2b:3e:14:6e:7e:d4:47:24:ef:d9:a8:ec:d9:a6: + cb:b8:4f:1a:86:d9:43:20:41:16:15:5f:81:0d:fe:6b:31:53: + c1:f6:84:4c:f3:03:64:d2:e6:44:3d:7a:60:79:d7:37:6f:33: + de:c0:a8:b9:6e:fe:b2:79:ac:b4:53:92:b8:0a:59:2b:cc:6b: + 37:c4:6f:c6:44:02:f7:7c:c5:c6:a6:6f:c2:ad:de:78:1e:48: + 96:cc:fe:59:2e:53:ce:34:d6:e8:f0:56:43:30:32:90:6f:f9: + 47:76:ab:99:63:e3:e8:a3:f3:83:98:e9:05:2b:ea:f9:f9:9d: + 66:70:c7:2c:00:c2:9e:57:3e:31:43:50:50:c8:db:a8:2d:21: + 4e:6f:39:c2:bd:ef:d8:47:99:27:0d:48:b2:58:f1:be:45:bd: + fe:c4:a2:56:fc:06:02:dc:19:33:85:53:ed:38:59:01:16:bc: + aa:c5:d3:4b:37:54:83:1b:e5:c1:4b:dd:34:6b:e5:d8:35:86: + 95:e6:9f:d2:22:84:b1:e2:4f:a7:2e:4d:e6:9c:eb:db:df:42: + e1:b4:66:e6:58:d3:28:10:34:97:f3:9c:6b:5f:05:2c:47:2c: + e3:75:eb:6f:74:0a:ec:d7:1d:30:80:56:44:12:26:f6:4e:5f: + ff:92:f4:62:02:36:9c:62:eb:39:98:53:68:68:95:fb:94:68: + 69:b8:3c:66:1a:ce:78:c4:cf:c4:6f:21:ac:a8:a6:f4:ab:69: + 2a:2e:00:5d:f7:67:06:b1:4f:97:58:88:55:d8:6e:eb:a5:98: + 50:36:21:70:3d:b0:a4:f5:3b:21:b3:1c:f5:a9:dd:c6:4a:c2: + 89:b8:5a:b3:bc:1f:21:ce:4c:68:5f:98:d8:39:70:d2:7e:a0: + 90:df:ad:a3:13:eb:3c:93:f6:b8:f4:d9:a7:51:b3:0d:ea:ee: + d4:57:aa:db:ca:7c:8a:a0:08:c3:98:9a:3a:b7:ba:2a:50:92: + 26:c2:e3:11:ba:12:60:24:b9:59:df:62:a8:d7:4d:a3:cb:ea: + 46:e8:39:f9:83:14:a8:5c:44:75:71:6b:7f:99:bd:68:58:d9: + 6b:d1:cd:c7:45:95:9e:44:1e:85:35:c0:30:2b:18:aa:eb:2f: + 93:d5:be:66:5d:70:ed:1d:04:f2:c1:1e:b5:ec:45:0c:04:f6: + 9d:88:d3:0c:20:5e:5b:23:df:34:a1:f5:ea:b4:a1:44:c0:da: + d5:ea:89:e8:b5:cb:dc:f8:92:ee:ac:8d:61:ed:bf:74:2b:28: + 79:1f:f4:9a:ff:63:bd:e6:aa:79:1d:2c:26:4a:b2:26:53:57: + ba:88:0e:eb:19:57:c0:10:a0:1e:81:2a:c0:56:2e:c3:2a:81: + bf:c1:5a:e7:48:ce:c1:6a:b9:6c:41:cc:44:a6:b8:70:e2:57: + 0e:6d:41:d6:61:da:bf:ac:20:2c:a7:2a:67:23:98:00:ba:ce: + 8b:a8:c2:45:66:a7:08:eb:7f:0a:b5:e7:9b:d6:f4:07:d5:b3: + 43:cd:27:d4:fa:c9:40:8f:af:b2:36:1c:e7:44:b4:4e:cc:5a: + 2b:73:ad:8f:c4:d9:47:a6:fb:2c:7d:1a:80:2a:55:b3:80:34: + 6f:8e:17:27:93:05:21:40:e9:8f:bf:47:6a:52:f5:2e:b5:18: + d1:8c:1d:83:04:80:55:fd:21:28:dc:7c:be:c8:c1:5f:e4:40: + d3:13:e4:66:bf:ad:92:4e:9b:db:c1:be:a3:42:74:da:c3:2c: + 0a:da:3f:94:14:ad:7e:de:81:c6:01:6a:f7:7a:b4:25:51:b0: + ab:cd:b3:3a:77:bf:c3:6b:04:44:30:73:41:ad:93:49:67:ee: + 43:d1:96:8e:36:83:2b:1b:6c:e7:cc:3e:d6:16:b9:88:4a:ab: + 56:c0:76:00:f6:9a:6a:8a:e3:e0:41:75:9d:3b:47:0f:c9:0a: + 8e:9f:9c:00:92:bb:ae:d8:42:56:35:64:eb:59:13:da:2c:63: + 83:c3:ec:68:91:b5:f3:71:85:48:54:c3:9d:a1:c8:63:f3:de: + 5d:a5:34:a9:1e:85:2c:2c:b5:d8:a9:62:8d:26:1f:b2:9e:a7: + 83:4d:df:69:63:b5:b7:e5:dd:e7:3b:18:e5:b3:77:df:c5:47: + b3:f7:8c:e7:5e:87:2e:46:e3:8f:b1:2b:9b:c6:26:2d:1a:28: + 30:13:10:86:5b:46:87:b1:2d:12:ce:b6:fe:1c:4e:44 +-----BEGIN CERTIFICATE----- +MIIJ9DCCBdygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI5MjVaFw0zNjAzMTEyMzI5MjVaMIG4MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSUwIwYDVQQDDBxhZGRjLmFkZG9tLnNhbWJh +LmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZjYS1zYW1iYS5leGFtcGxlLmNv +bUBzYW1iYS5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAKbEqb916kyNO/2KD7CitseoH+QOPkHv1hBId3tOTFnhv23HGHuoAafV0iwh +PtAa2lgD6ELxUw6nkbksued6yd5e7UyTa8zdF9DH0fF8PQ1v311TWrEfo3tbQWUM +fOpT37vaQRXaSeO5Lbu1r++MuIR00BgWjlzkwuehh4/jh4sLu5Aw6ODz68BQX7V/ +VJobNEP9vlqAbg9jorN5QkqFyAfHglUjiNROAy/xlb3tFS0+Fs3/x5sDKTamXcka +HomlumaDD5aoB58kuRuPApq4UCmLvmNF+kXDOCOgmDq0a0KZEzZLhO8niTk0efhn +FnucKgNBFWNG5Nsv8j5t/nwgHp8CSKS8FUKm+DiG3Gt8TmejMYGOtjAa6z0IJRlf +Qtw57HkdMAr7Fo89GRTM9a/XxnXPs5aispvZAwGjyogdcu1v0b9XVo65B5u5BBMe +C1oGaytDotzVt/S6066drf3TinwvhzL6iYhYAK4WK5wdWIJN5SHa1Wz3qECLxwLV +NjDvPwmbptIxo78g1KKeJsS0ww8LbADRLBaxKusG2dWYw83LIGitCiyhLydBXJHe +SWLt2DrvaBxt/pTDKGgyYAhlzQKfl5YvD4cnPbkPhWLoK5q09NPXwZOWJyMpiLE5 +mVM6IKqIRDtKJCqL4LSN3WYw36Zut/whQxaePhIgyHowwT2rAgMBAAGjggH3MIIB +8zAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEu +ZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEG +CWCGSAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwSQYJYIZIAYb4QgENBDwWOkRv +bWFpbiBDb250cm9sbGVyIENlcnRpZmljYXRlIGFkZGMuYWRkb20uc2FtYmEuZXhh +bXBsZS5jb20wHQYDVR0OBBYEFD28cAx01LiFSR0IhMQbJ/KvcjfTMB8GA1UdIwQY +MBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MEAGA1UdEQQ5MDeCHGFkZGMuYWRkb20u +c2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoECAEjRWeJq83vMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNVHSUEHzAdBggrBgEFBQcD +AgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggQBAJ6Luwp63MCU +M7wYpeZKH/+OIbGPM/A+i2xyVcRHcV/O5zHvW2IEt1ePqCef7WnS7KgN4nYzjUE6 +Z2FcU2DHU+3XmXIpHa7T7sl2HG0YR+mU3S6XP5mvtfShfJL2TbXBegw4utG2GZqf +4gKE1FQBOHtVhkruPYVIAdo0CWlDJX5uBnPguXy1nE6ctVKFMmJiJTn6AktRLt+O +UhcCUPSZKb9+l1OREoWaaWJFWcRbP68Y5nvkhl3xnlorPhRuftRHJO/ZqOzZpsu4 +TxqG2UMgQRYVX4EN/msxU8H2hEzzA2TS5kQ9emB51zdvM97AqLlu/rJ5rLRTkrgK +WSvMazfEb8ZEAvd8xcamb8Kt3ngeSJbM/lkuU8401ujwVkMwMpBv+Ud2q5lj4+ij +84OY6QUr6vn5nWZwxywAwp5XPjFDUFDI26gtIU5vOcK979hHmScNSLJY8b5Fvf7E +olb8BgLcGTOFU+04WQEWvKrF00s3VIMb5cFL3TRr5dg1hpXmn9IihLHiT6cuTeac +69vfQuG0ZuZY0ygQNJfznGtfBSxHLON16290CuzXHTCAVkQSJvZOX/+S9GICNpxi +6zmYU2holfuUaGm4PGYaznjEz8RvIayopvSraSouAF33ZwaxT5dYiFXYbuulmFA2 +IXA9sKT1OyGzHPWp3cZKwom4WrO8HyHOTGhfmNg5cNJ+oJDfraMT6zyT9rj02adR +sw3q7tRXqtvKfIqgCMOYmjq3uipQkibC4xG6EmAkuVnfYqjXTaPL6kboOfmDFKhc +RHVxa3+ZvWhY2WvRzcdFlZ5EHoU1wDArGKrrL5PVvmZdcO0dBPLBHrXsRQwE9p2I +0wwgXlsj3zSh9eq0oUTA2tXqiei1y9z4ku6sjWHtv3QrKHkf9Jr/Y73mqnkdLCZK +siZTV7qIDusZV8AQoB6BKsBWLsMqgb/BWudIzsFquWxBzESmuHDiVw5tQdZh2r+s +ICynKmcjmAC6zouowkVmpwjrfwq155vW9AfVs0PNJ9T6yUCPr7I2HOdEtE7MWitz +rY/E2Uem+yx9GoAqVbOANG+OFyeTBSFA6Y+/R2pS9S61GNGMHYMEgFX9ISjcfL7I +wV/kQNMT5Ga/rZJOm9vBvqNCdNrDLAraP5QUrX7egcYBavd6tCVRsKvNszp3v8Nr +BEQwc0Gtk0ln7kPRlo42gysbbOfMPtYWuYhKq1bAdgD2mmqK4+BBdZ07Rw/JCo6f +nACSu67YQlY1ZOtZE9osY4PD7GiRtfNxhUhUw52hyGPz3l2lNKkehSwstdipYo0m +H7Kep4NN32ljtbfl3ec7GOWzd9/FR7P3jOdehy5G44+xK5vGJi0aKDATEIZbRoex +LRLOtv4cTkQ= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/03.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/03.pem new file mode 100644 index 0000000..7486a63 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/03.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:29:41 2016 GMT + Not After : Mar 11 23:29:41 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom.samba.example.com/emailAddress=administrator@addom.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:91:64:f2:1b:2b:ed:9b:40:bc:0d:46:23:49: + 77:32:74:fe:cb:9a:46:86:33:1e:56:bd:c8:da:dd: + e6:2a:07:34:61:1c:f0:b8:71:29:24:2b:90:f3:43: + 99:6f:69:f6:ff:8d:b9:b7:3f:f3:36:6a:99:90:90: + d6:95:63:4e:88:5a:d7:41:89:7f:73:13:64:49:c7: + de:42:65:08:5d:ca:04:b2:68:3a:40:7f:6a:05:df: + 56:30:2f:ac:1b:8b:0f:c3:15:3c:38:0f:90:50:44: + 00:bb:59:40:f6:d2:e8:5b:73:03:0d:f6:7d:38:5d: + 2f:99:c3:0d:13:0f:74:d0:9e:ef:1e:92:42:c4:46: + 7c:dc:85:7e:e9:af:91:4e:9d:5f:82:af:58:60:18: + a5:ac:91:6e:dd:cf:a7:32:3c:d2:f4:e9:81:be:80: + 9e:0c:ca:1f:1a:be:98:c4:fe:e6:25:c1:89:fe:16: + 0a:30:90:d3:d4:e5:af:89:24:64:12:d0:4f:19:e2: + 1b:86:fb:06:a9:63:d1:47:10:89:dc:2b:52:24:dc: + 66:a9:56:c2:cb:f4:ec:35:12:f4:ad:5e:fc:ff:86: + e9:b1:f9:1f:b3:ce:44:fb:be:04:af:8d:42:9b:56: + a5:02:7f:c5:cf:5f:23:41:1c:69:ee:33:97:7a:81: + 50:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@addom.samba.example.com + X509v3 Subject Key Identifier: + 30:10:6E:1F:7E:52:33:8C:C8:85:E5:92:74:5D:76:7E:E9:33:5B:36 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@addom.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 53:3e:51:d2:5d:2c:69:23:5b:dd:05:1a:23:ff:39:5d:54:63: + e5:da:e1:4b:60:8c:09:7c:4e:8e:da:8a:bb:63:5d:bc:2d:a0: + d4:ce:9e:d2:ce:38:d7:32:67:ba:4a:a6:d1:1d:c4:c7:50:e8: + 9a:9e:44:56:1a:9c:f4:8f:b9:8e:39:84:21:db:0f:60:8a:60: + b4:0f:4f:3c:35:a0:d2:37:3d:88:e8:0a:18:a7:a7:2d:19:e3: + aa:d3:8e:18:8f:35:ef:3e:4a:95:c4:d3:9b:f4:cf:89:c2:70: + b9:8c:5c:ef:8a:9e:7a:56:73:13:eb:8b:b7:d9:e1:88:5b:c4: + 62:47:42:45:8d:7b:2d:cf:71:83:1b:48:9d:84:8f:65:66:97: + 61:fc:f6:30:34:e8:88:2a:34:91:48:dc:7a:b7:65:bc:9c:98: + 00:4c:e7:49:fe:4d:a9:56:ea:87:d6:6c:46:39:f2:98:5b:56: + 14:82:f2:9e:b8:ad:fd:89:36:48:87:4e:5c:ef:3f:e0:35:ff: + 72:5f:5b:e1:c2:fd:d9:6e:40:2b:35:ad:50:08:74:94:87:89: + c4:cd:c7:ab:a7:19:4e:ba:f2:1d:83:0f:b0:cf:9c:e6:df:73: + 36:88:cf:42:9c:a3:72:27:0f:f7:bf:5b:cc:6b:e5:20:03:b5: + 4a:1c:f3:7d:ae:92:43:aa:bb:13:07:a4:3a:77:3d:34:01:00: + f1:89:aa:e8:1b:09:7b:b8:b0:e1:54:03:ff:3d:8d:be:35:b9: + 13:b2:59:58:32:48:93:f8:e7:d7:3d:49:70:01:44:e6:2b:21: + b3:75:49:ae:44:7a:50:15:b8:65:f3:c3:48:96:df:c8:d9:2a: + f7:c5:2a:7e:2c:68:77:af:2d:78:1b:fc:1a:d8:f4:8b:a6:86: + 35:d2:f0:87:e9:d6:30:0a:76:65:f8:71:e9:80:0d:1f:16:86: + 89:92:81:34:d9:be:9b:41:25:ec:65:a9:0a:56:b2:03:91:54: + 02:21:97:99:74:61:8c:4a:2e:f4:d0:b1:8b:f1:e6:26:52:bc: + f6:f2:e0:bd:96:66:22:c3:4e:51:2f:c3:c4:65:65:c7:97:b5: + 1b:29:23:7a:c0:7b:fb:49:33:a0:a9:6a:b7:2f:f3:44:6b:5b: + 0c:2c:0d:75:f2:50:d5:82:ba:9a:ab:e0:89:0a:b6:b5:8a:5e: + 1a:67:ab:d9:a7:21:22:75:61:1e:d7:21:36:15:6a:da:a8:39: + 4d:95:50:2b:e6:ac:c4:f6:38:74:c9:c5:ac:ce:2f:b3:c8:d4: + ad:18:a7:93:d4:1a:be:c2:be:9e:39:e6:a7:b1:0e:93:d0:9e: + cf:b0:ac:53:7d:08:1f:9d:a5:98:2b:4e:f6:80:e4:df:ea:43: + a2:f9:64:bf:84:b2:ff:1c:93:36:60:74:08:4e:5b:d6:24:9a: + f8:ac:c7:81:f9:2a:a9:00:28:44:15:6a:31:b9:b5:08:89:c8: + 31:15:1e:8f:9d:2c:d0:e3:a8:32:2c:68:42:41:19:6c:43:8e: + 69:c0:44:01:ba:1c:c4:ea:f4:ff:c8:57:03:ba:df:3f:5e:a5: + 03:da:75:31:2e:07:67:a7:5c:02:55:c3:6f:8f:11:f5:8c:56: + a1:f7:4b:bb:46:d0:e5:ff:68:c1:77:3d:0d:35:12:f5:40:af: + cd:05:5c:53:74:ff:54:e0:c0:c6:10:5c:e8:33:06:0a:50:47: + 7e:71:3a:36:66:aa:f8:de:97:2a:ae:bf:8d:6d:d4:39:c4:fd: + b3:03:1d:a5:9c:47:39:8c:c0:b3:73:f8:3a:d6:34:ac:49:4f: + b3:87:74:11:20:8f:c0:aa:24:a7:30:20:0c:c0:d9:1c:44:ee: + ae:c8:b8:13:63:e5:f8:5e:8f:b0:5a:46:c5:83:3d:41:62:06: + e4:62:a6:0a:40:cc:8e:59:ad:8a:36:4e:20:e6:f2:32:04:6e: + ee:4e:7d:97:88:dc:ea:74:90:c4:ab:a8:b5:bc:6c:81:b1:64: + 77:a6:93:34:44:e4:60:38:b1:0c:2b:29:3a:4a:f7:17:d7:3a: + c8:42:7e:db:4d:5f:09:92:ae:6c:90:e1:7d:9f:96:9c:1a:82: + bd:45:02:76:29:62:e5:b9:14:53:01:53:c0:5a:d5:34:53:7a: + 25:49:3e:3d:db:19:7e:29:57:80:78:67:ea:21:3e:3d:59:36: + e0:8b:da:75:57:9b:c8:9d:a1:18:18:e2:5c:35:35:9e:62:2c: + f5:0f:c0:8f:55:16:a5:d4:9e:cd:0e:78:87:9d:53:d3:01:e1: + 18:61:36:1c:06:c3:3a:43:f3:8a:13:e6:4e:52:32:fd:46:21: + cd:62:18:1f:ae:f5:f2:1a:ea:7a:01:3b:a1:3f:1d:16:00:91: + 5e:94:78:f4:60:33:54:a9:fc:1c:0a:75:f9:17:aa:dd:12:91: + 66:4b:f0:d1:60:25:d4:06:d1:99:9c:c5:64:01:4b:ba:d9:66: + ba:9c:f7:68:75:fd:11:3a:eb:6e:fb:8f:a6:17:8a:cd:bc:1a: + 59:f9:a9:cd:33:db:7d:71:26:7d:c7:be:de:eb:2e:c0:7e:db: + 29:08:0e:82:63:1e:8c:8f:e6:21:1c:b1:49:13:9e:df:78:3b: + 68:01:17:0f:df:97:96:58:32:48:1e:5c:ff:fa:db:90:b5:05: + 84:68:fd:7c:c0:a5:35:d9:75:1e:ea:cc:25:25:3f:6e +-----BEGIN CERTIFICATE----- +MIIJGzCCBQOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI5NDFaFw0zNjAzMTEyMzI5NDFaMIGzMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxLjAsBgNVBAMMJWFkbWluaXN0cmF0b3JAYWRkb20uc2FtYmEuZXhh +bXBsZS5jb20xNDAyBgkqhkiG9w0BCQEWJWFkbWluaXN0cmF0b3JAYWRkb20uc2Ft +YmEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+ +kWTyGyvtm0C8DUYjSXcydP7LmkaGMx5Wvcja3eYqBzRhHPC4cSkkK5DzQ5lvafb/ +jbm3P/M2apmQkNaVY06IWtdBiX9zE2RJx95CZQhdygSyaDpAf2oF31YwL6wbiw/D +FTw4D5BQRAC7WUD20uhbcwMN9n04XS+Zww0TD3TQnu8ekkLERnzchX7pr5FOnV+C +r1hgGKWskW7dz6cyPNL06YG+gJ4Myh8avpjE/uYlwYn+FgowkNPU5a+JJGQS0E8Z +4huG+wapY9FHEIncK1Ik3GapVsLL9Ow1EvStXvz/humx+R+zzkT7vgSvjUKbVqUC +f8XPXyNBHGnuM5d6gVCLAgMBAAGjggIjMIICHzAJBgNVHRMEAjAAME8GA1UdHwRI +MEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1z +YW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNV +HQ8EBAMCBeAwVQYJYIZIAYb4QgENBEgWRlNtYXJ0IENhcmQgTG9naW4gQ2VydGlm +aWNhdGUgZm9yIGFkbWluaXN0cmF0b3JAYWRkb20uc2FtYmEuZXhhbXBsZS5jb20w +HQYDVR0OBBYEFDAQbh9+UjOMyIXlknRddn7pM1s2MB8GA1UdIwQYMBaAFKI+Aiqj +p005tAhNmcwMdTbqJ8M+MGcGA1UdEQRgMF6BJWFkbWluaXN0cmF0b3JAYWRkb20u +c2FtYmEuZXhhbXBsZS5jb22gNQYKKwYBBAGCNxQCA6AnDCVhZG1pbmlzdHJhdG9y +QGFkZG9tLnNhbWJhLmV4YW1wbGUuY29tMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4 +YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRw +Oi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5j +b20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcDAgYKKwYBBAGCNxQCAjANBgkq +hkiG9w0BAQsFAAOCBAEAUz5R0l0saSNb3QUaI/85XVRj5drhS2CMCXxOjtqKu2Nd +vC2g1M6e0s441zJnukqm0R3Ex1Domp5EVhqc9I+5jjmEIdsPYIpgtA9PPDWg0jc9 +iOgKGKenLRnjqtOOGI817z5KlcTTm/TPicJwuYxc74qeelZzE+uLt9nhiFvEYkdC +RY17Lc9xgxtInYSPZWaXYfz2MDToiCo0kUjcerdlvJyYAEznSf5NqVbqh9ZsRjny +mFtWFILynrit/Yk2SIdOXO8/4DX/cl9b4cL92W5AKzWtUAh0lIeJxM3Hq6cZTrry +HYMPsM+c5t9zNojPQpyjcicP979bzGvlIAO1Shzzfa6SQ6q7EwekOnc9NAEA8Ymq +6BsJe7iw4VQD/z2NvjW5E7JZWDJIk/jn1z1JcAFE5ishs3VJrkR6UBW4ZfPDSJbf +yNkq98Uqfixod68teBv8Gtj0i6aGNdLwh+nWMAp2Zfhx6YANHxaGiZKBNNm+m0El +7GWpClayA5FUAiGXmXRhjEou9NCxi/HmJlK89vLgvZZmIsNOUS/DxGVlx5e1Gykj +esB7+0kzoKlqty/zRGtbDCwNdfJQ1YK6mqvgiQq2tYpeGmer2achInVhHtchNhVq +2qg5TZVQK+asxPY4dMnFrM4vs8jUrRink9QavsK+njnmp7EOk9Cez7CsU30IH52l +mCtO9oDk3+pDovlkv4Sy/xyTNmB0CE5b1iSa+KzHgfkqqQAoRBVqMbm1CInIMRUe +j50s0OOoMixoQkEZbEOOacBEAbocxOr0/8hXA7rfP16lA9p1MS4HZ6dcAlXDb48R +9YxWofdLu0bQ5f9owXc9DTUS9UCvzQVcU3T/VODAxhBc6DMGClBHfnE6Nmaq+N6X +Kq6/jW3UOcT9swMdpZxHOYzAs3P4OtY0rElPs4d0ESCPwKokpzAgDMDZHETursi4 +E2Pl+F6PsFpGxYM9QWIG5GKmCkDMjlmtijZOIObyMgRu7k59l4jc6nSQxKuotbxs +gbFkd6aTNETkYDixDCspOkr3F9c6yEJ+201fCZKubJDhfZ+WnBqCvUUCdili5bkU +UwFTwFrVNFN6JUk+PdsZfilXgHhn6iE+PVk24IvadVebyJ2hGBjiXDU1nmIs9Q/A +j1UWpdSezQ54h51T0wHhGGE2HAbDOkPzihPmTlIy/UYhzWIYH6718hrqegE7oT8d +FgCRXpR49GAzVKn8HAp1+Req3RKRZkvw0WAl1AbRmZzFZAFLutlmupz3aHX9ETrr +bvuPpheKzbwaWfmpzTPbfXEmfce+3usuwH7bKQgOgmMejI/mIRyxSROe33g7aAEX +D9+XllgySB5c//rbkLUFhGj9fMClNdl1HurMJSU/bg== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/04.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/04.pem new file mode 100644 index 0000000..730b824 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/04.pem @@ -0,0 +1,168 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Jun 3 19:30:29 2016 GMT + Not After : May 29 19:30:29 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@samba.example.com/emailAddress=pkinit@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dd:c4:48:44:a5:e9:6b:b4:41:03:6a:dc:34:1f: + d6:41:ce:f7:cb:b2:44:a7:a3:0e:89:16:ff:0d:62: + 23:e0:8b:24:db:82:82:68:29:22:1b:57:44:12:c6: + ea:10:2d:6f:3a:4b:75:b1:2e:76:62:01:62:ff:ba: + 3d:67:e1:39:0d:12:38:b0:fc:b3:e5:0e:dd:77:73: + 2b:99:25:86:d5:15:84:08:be:b0:8b:38:d7:64:9d: + d6:e7:dc:4d:9a:fb:ea:17:41:bb:d1:cf:1a:b9:5b: + 0b:8a:e5:8c:5a:b7:2d:ab:bd:f7:c3:91:ae:26:c2: + e3:97:27:ea:3f:be:c9:22:af:d6:76:35:45:b0:72: + 86:f2:bd:bf:e2:d3:e3:e3:68:52:26:db:f0:a6:6a: + 0e:63:05:9b:17:6d:13:ee:c4:15:41:96:27:06:90: + fd:10:b5:f9:6c:74:be:b0:a8:bb:70:f7:a2:25:da: + f7:f1:91:c2:69:6c:40:c4:63:e8:06:83:e0:1d:b7: + 2b:29:d3:75:d1:df:c1:d2:90:af:b9:81:47:78:f3: + f1:1a:c9:20:e3:1b:6f:e4:fd:2e:0b:65:a7:6f:b1: + b2:a0:d3:e3:d2:2f:2b:ef:fd:01:5b:27:e7:1b:c1: + 0e:bc:bd:f0:7b:b2:34:a9:9b:4d:2c:c8:65:33:c8: + 33:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@samba.example.com + X509v3 Subject Key Identifier: + E9:67:66:B8:3D:F1:39:AB:1A:4D:00:9D:EC:CE:FF:4B:50:D8:5D:A2 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 88:3e:f3:98:08:ef:cd:53:3a:07:d5:1c:fd:26:7c:f1:96:2e: + b9:06:87:f2:5b:e2:be:d1:04:6e:38:59:14:49:9d:46:ef:7e: + 6c:08:02:3e:18:09:09:61:a8:1d:a9:da:59:40:58:5f:d2:ca: + 4f:76:0e:7e:01:db:05:03:fb:78:c7:89:86:aa:1b:dc:02:bb: + 86:a5:02:7c:01:54:dd:ad:e0:43:c5:d9:ec:86:c2:47:b5:5a: + 1c:8c:06:0e:fe:11:ad:a5:57:37:f5:0a:35:65:a4:f2:27:14: + 2f:bf:53:48:66:e1:da:b9:58:95:a2:d1:95:9c:ae:0a:ca:29: + a6:ef:7a:58:74:86:40:ea:2a:c6:18:9f:1a:d9:70:e2:a8:aa: + 8d:f1:22:bf:b6:e4:61:d4:21:ee:bf:17:e1:aa:d1:cf:0b:35: + 82:c7:3f:a1:be:d1:a5:bd:4e:04:0d:cf:11:2d:d6:0c:7e:47: + 5c:5e:84:d2:10:60:7e:97:d7:52:be:a1:cd:2d:85:da:b2:dd: + 68:88:12:a4:88:5f:16:0c:ae:6f:60:7f:da:58:5f:91:bd:8d: + 15:20:c2:74:94:0b:93:65:80:7c:77:15:a2:70:bb:98:be:41: + 1a:2e:c5:78:52:64:e7:44:03:3f:64:97:10:a9:1b:17:f3:79: + f9:51:0c:4c:58:e7:03:e7:bb:fd:34:ff:c0:4a:ad:b1:7a:ba: + 97:3c:f8:e0:9e:30:3d:e7:5f:be:ac:6a:b3:c1:1e:50:7c:cd: + ce:18:bd:96:73:fb:9c:90:e7:ae:e0:be:c5:65:29:9a:1c:da: + c3:64:2a:99:dc:93:61:32:9a:70:1a:45:83:72:38:0f:57:de: + 0d:f5:64:71:97:de:b5:64:99:43:30:6d:3f:25:82:b5:3e:a1: + ba:39:d2:fc:b8:df:7e:57:da:fc:be:c2:84:2e:99:41:52:a2: + 18:f4:99:c7:e2:b9:af:2a:84:32:5c:cb:ba:26:86:6b:8e:58: + 30:d8:4f:5b:60:34:fd:30:de:c5:a0:7a:8c:e7:34:2b:bc:81: + 6d:4c:a8:b5:ba:b5:52:b9:42:e5:d8:7e:be:31:a3:8e:b0:c3: + f6:16:28:92:e7:9d:3f:c8:cf:a0:4a:b0:3a:ae:75:59:ab:19: + 91:e4:2e:76:57:3f:58:88:5f:2e:7b:c5:8f:11:25:0f:cd:8f: + e3:91:80:2f:d4:7b:5a:80:c3:c9:7c:0a:aa:01:bf:5c:8c:0e: + 57:84:bf:72:ad:7b:0a:b9:95:27:0f:aa:9b:96:08:8e:bb:63: + 56:5a:1d:ad:0c:5b:1c:04:38:ae:2b:88:d4:d1:68:20:f2:a0: + 9b:77:9c:95:db:17:cb:cf:79:4a:13:66:c9:34:36:f6:c6:f9: + 8b:4b:92:5e:59:a3:5d:75:4e:fa:f2:fa:d5:d9:66:80:82:a4: + 8d:e2:d8:b6:ed:c5:a3:ca:a2:70:64:9c:b9:1c:49:b2:2f:46: + b3:13:3b:88:a7:5a:8e:22:b7:90:f5:74:27:21:06:a4:94:bb: + b1:cb:e7:e4:92:f0:e9:80:15:94:82:1a:97:34:d0:cf:aa:37: + b1:27:a5:38:39:7c:8d:ba:a1:12:dd:30:48:44:90:0c:35:0f: + cc:e6:13:e7:c9:06:36:1d:b0:c9:be:28:0f:47:1c:b0:47:a3: + 20:d1:bb:a1:85:1a:80:c2:9b:70:61:9f:a7:82:46:3c:80:28: + 0c:17:f6:fc:75:83:be:ff:5c:da:bc:be:2c:65:a6:c0:fc:c1: + 32:ae:9a:bf:d1:7c:fb:b3:26:3b:77:03:fe:a9:e9:ae:4c:72: + 58:a9:6e:ce:ad:c0:1f:30:b2:06:32:65:af:5f:db:3d:2b:ab: + c5:46:5c:0a:df:50:b5:7e:31:c8:b0:7e:50:e2:aa:d8:01:8e: + ea:e7:3c:8b:90:73:de:77:9f:47:ea:af:16:0d:a5:c0:89:6f: + 86:a4:84:f7:1f:03:fd:7d:f8:a8:7d:9c:9a:f1:13:c8:d5:5b: + 9c:2f:71:c1:c0:c2:17:89:39:6d:28:2d:20:31:ca:60:cf:7f: + 78:42:5c:a3:28:76:19:a8:ca:e6:07:22:6d:7f:04:b1:20:ab: + 70:40:33:e9:a3:fa:da:b5:7c:ee:70:0b:c6:a2:6a:90:1a:10: + fe:8a:9b:56:5c:44:85:f1:b4:41:67:0b:c1:a3:68:2f:ff:b1: + 48:f3:38:4b:28:4e:52:36:0c:9b:37:aa:7e:82:63:c3:61:33: + a9:05:b3:af:13:07:b3:9e:4d:4c:3c:c4:47:34:ce:f3:6e:55: + 69:d7:af:dc:e4:82:34:9b:fe:cc:d9:db:1f:08:3e:3c:3a:9b: + ac:a7:7e:61:3f:5f:01:0c:d8:f3:63:31:31:07:e2:05:84:30: + 65:f4:b0:a6:cc:ad:63:fe:06:db:d7:e9:2f:9d:db:2c:64:af: + d6:d1:cc:9e:c3:11:09:ad:7d:e2:06:6d:21:ad:a5:4f:a6:87: + 9b:ee:db:6c:e9:69:a7:6a:eb:93:67:e2:e9:6f:23:f8:2e:95: + 78:5f:a8:66:ae:7e:2c:5e:6b:07:3e:02:ad:20:af:61:9c:0e: + 1d:c6:7a:31:5a:33:bd:61:1a:67:5b:a9:42:3c:17:67:f8:dd: + 80:e3:ab:62:a0:42:53:33:1f:f7:79:ea:32:d1:26:dd:bb:c6: + 26:aa:2c:ac:16:7e:24:b4:ae:7d:ce:77:e8:5f:2d:97 +-----BEGIN CERTIFICATE----- +MIII2jCCBMKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjA2 +MDMxOTMwMjlaFw0zNjA1MjkxOTMwMjlaMIGZMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxITAfBgNVBAMMGHBraW5pdEBzYW1iYS5leGFtcGxlLmNvbTEnMCUG +CSqGSIb3DQEJARYYcGtpbml0QHNhbWJhLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cRIRKXpa7RBA2rcNB/WQc73y7JEp6MOiRb/ +DWIj4Isk24KCaCkiG1dEEsbqEC1vOkt1sS52YgFi/7o9Z+E5DRI4sPyz5Q7dd3Mr +mSWG1RWECL6wizjXZJ3W59xNmvvqF0G70c8auVsLiuWMWrctq733w5GuJsLjlyfq +P77JIq/WdjVFsHKG8r2/4tPj42hSJtvwpmoOYwWbF20T7sQVQZYnBpD9ELX5bHS+ +sKi7cPeiJdr38ZHCaWxAxGPoBoPgHbcrKdN10d/B0pCvuYFHePPxGskg4xtv5P0u +C2Wnb7GyoNPj0i8r7/0BWyfnG8EOvL3we7I0qZtNLMhlM8gzFwIDAQABo4IB/DCC +AfgwCQYDVR0TBAIwADBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vd3d3LnNhbWJh +LmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAR +BglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMEgGCWCGSAGG+EIBDQQ7FjlT +bWFydCBDYXJkIExvZ2luIENlcnRpZmljYXRlIGZvciBwa2luaXRAc2FtYmEuZXhh +bXBsZS5jb20wHQYDVR0OBBYEFOlnZrg98TmrGk0AnezO/0tQ2F2iMB8GA1UdIwQY +MBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+ME0GA1UdEQRGMESBGHBraW5pdEBzYW1i +YS5leGFtcGxlLmNvbaAoBgorBgEEAYI3FAIDoBoMGHBraW5pdEBzYW1iYS5leGFt +cGxlLmNvbTAxBgNVHRIEKjAogSZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5l +eGFtcGxlLmNvbTBNBglghkgBhvhCAQQEQBY+aHR0cDovL3d3dy5zYW1iYS5leGFt +cGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwHwYDVR0l +BBgwFgYIKwYBBQUHAwIGCisGAQQBgjcUAgIwDQYJKoZIhvcNAQELBQADggQBAIg+ +85gI781TOgfVHP0mfPGWLrkGh/Jb4r7RBG44WRRJnUbvfmwIAj4YCQlhqB2p2llA +WF/Syk92Dn4B2wUD+3jHiYaqG9wCu4alAnwBVN2t4EPF2eyGwke1WhyMBg7+Ea2l +Vzf1CjVlpPInFC+/U0hm4dq5WJWi0ZWcrgrKKabvelh0hkDqKsYYnxrZcOKoqo3x +Ir+25GHUIe6/F+Gq0c8LNYLHP6G+0aW9TgQNzxEt1gx+R1xehNIQYH6X11K+oc0t +hdqy3WiIEqSIXxYMrm9gf9pYX5G9jRUgwnSUC5NlgHx3FaJwu5i+QRouxXhSZOdE +Az9klxCpGxfzeflRDExY5wPnu/00/8BKrbF6upc8+OCeMD3nX76sarPBHlB8zc4Y +vZZz+5yQ567gvsVlKZoc2sNkKpnck2EymnAaRYNyOA9X3g31ZHGX3rVkmUMwbT8l +grU+obo50vy4335X2vy+woQumUFSohj0mcfiua8qhDJcy7omhmuOWDDYT1tgNP0w +3sWgeoznNCu8gW1MqLW6tVK5QuXYfr4xo46ww/YWKJLnnT/Iz6BKsDqudVmrGZHk +LnZXP1iIXy57xY8RJQ/Nj+ORgC/Ue1qAw8l8CqoBv1yMDleEv3Ktewq5lScPqpuW +CI67Y1ZaHa0MWxwEOK4riNTRaCDyoJt3nJXbF8vPeUoTZsk0NvbG+YtLkl5Zo111 +Tvry+tXZZoCCpI3i2LbtxaPKonBknLkcSbIvRrMTO4inWo4it5D1dCchBqSUu7HL +5+SS8OmAFZSCGpc00M+qN7EnpTg5fI26oRLdMEhEkAw1D8zmE+fJBjYdsMm+KA9H +HLBHoyDRu6GFGoDCm3Bhn6eCRjyAKAwX9vx1g77/XNq8vixlpsD8wTKumr/RfPuz +Jjt3A/6p6a5Mclipbs6twB8wsgYyZa9f2z0rq8VGXArfULV+MciwflDiqtgBjurn +PIuQc953n0fqrxYNpcCJb4akhPcfA/19+Kh9nJrxE8jVW5wvccHAwheJOW0oLSAx +ymDPf3hCXKModhmoyuYHIm1/BLEgq3BAM+mj+tq1fO5wC8aiapAaEP6Km1ZcRIXx +tEFnC8GjaC//sUjzOEsoTlI2DJs3qn6CY8NhM6kFs68TB7OeTUw8xEc0zvNuVWnX +r9zkgjSb/szZ2x8IPjw6m6ynfmE/XwEM2PNjMTEH4gWEMGX0sKbMrWP+BtvX6S+d +2yxkr9bRzJ7DEQmtfeIGbSGtpU+mh5vu22zpaadq65Nn4ulvI/gulXhfqGaufixe +awc+Aq0gr2GcDh3GejFaM71hGmdbqUI8F2f43YDjq2KgQlMzH/d56jLRJt27xiaq +LKwWfiS0rn3Od+hfLZc= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/05.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/05.pem new file mode 100644 index 0000000..997dfd3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/05.pem @@ -0,0 +1,168 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Jun 3 19:30:47 2016 GMT + Not After : May 29 19:30:47 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom.samba.example.com/emailAddress=pkinit@addom.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b3:a4:e8:bd:c8:4f:6a:71:c6:15:a8:dd:00:d6: + 61:74:00:e4:8f:b5:c4:0e:98:d9:51:aa:aa:4f:c7: + 8c:f9:6c:37:5c:60:55:da:7c:55:9c:d3:cd:e2:f1: + ed:51:39:25:d5:fa:69:7e:a7:67:9c:a9:61:1b:5c: + 73:50:d0:6f:ba:ce:3a:df:fe:ae:95:95:8e:97:ab: + c6:bb:6a:c3:60:0b:ca:c2:9c:31:ff:c6:2f:52:bb: + cb:2f:f6:2c:4d:be:20:e1:16:49:d3:22:36:66:4f: + 5c:c4:30:12:07:34:8b:00:4e:5b:51:7d:40:35:81: + dc:5c:0e:af:be:78:63:80:69:67:87:53:97:d0:3f: + d7:66:8d:26:8a:0a:24:95:f9:db:dd:93:0e:48:54: + c8:30:e4:77:0d:65:ef:a4:6a:de:29:91:77:97:40: + 5c:2e:ed:35:5e:b9:0f:37:ad:d9:70:76:99:77:45: + 8c:4a:65:63:13:72:d5:c4:53:37:57:85:0a:6d:74: + 30:8c:69:7f:83:f0:7f:f5:67:05:79:80:27:d4:38: + 6d:49:2f:8d:2a:97:2e:33:1f:d0:e0:c1:76:1b:bf: + bf:b1:75:8a:c9:b1:3f:3f:f2:4e:c5:b0:68:5e:76: + 8a:7e:9c:57:b2:ec:3d:18:83:e2:65:d5:30:5e:b5: + f4:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@addom.samba.example.com + X509v3 Subject Key Identifier: + 3E:81:65:A1:E3:7E:18:BE:80:FE:15:93:CC:20:15:FD:08:D4:A4:3D + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@addom.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 7b:47:4c:55:7c:77:8b:8f:ca:23:3e:51:6a:51:c1:49:44:0d: + 72:56:27:79:f7:54:48:ef:74:37:5e:2a:33:68:dc:04:8a:de: + b2:8e:7b:26:6f:67:f5:bc:0a:e1:ec:74:12:86:5a:6b:56:7d: + 75:24:d0:df:c7:1e:c4:28:e8:a5:c0:e5:3a:a0:74:f8:95:70: + 61:44:a1:9c:e3:54:d8:cf:1b:e2:2f:35:d3:ca:1a:5f:07:e9: + ce:fe:79:e1:20:ac:9e:94:74:a5:80:2e:38:75:bc:bc:d7:2d: + e0:54:c1:17:9a:8e:07:42:7e:5f:2e:17:93:63:ab:ae:ed:c6: + 29:0f:91:c8:8a:99:ad:21:5b:52:a7:dd:0c:2f:32:dc:0d:36: + 9c:98:02:aa:eb:8f:2d:3a:86:1a:cf:f8:f5:da:0b:70:7e:14: + 9c:79:bc:8a:6c:c7:06:8d:3e:3b:26:2a:50:a1:05:ca:47:79: + d1:ba:55:06:cd:d2:3a:10:27:8d:cb:ee:b4:f7:90:ff:f2:fb: + 67:f0:73:0b:4f:51:5e:0b:8d:e4:94:cb:da:56:2d:18:91:b8: + 51:0f:ee:48:99:cc:ae:8b:6b:ac:d8:38:1e:5e:5e:d9:1a:29: + 52:04:52:49:49:30:60:3b:fa:4e:c9:0c:a0:67:20:e1:4a:9f: + 84:44:c8:ca:35:d5:28:a6:06:7e:dc:c3:81:8d:40:12:3d:ae: + 0d:51:42:5a:16:92:78:2e:70:0b:ba:7f:8e:52:b7:2e:a8:f1: + 72:32:ba:6f:30:92:1e:40:0f:bf:09:14:5b:63:c6:1d:b3:ac: + eb:e7:69:f0:1b:3c:b8:4a:ec:a2:22:e2:58:ad:ef:22:77:9c: + e2:51:ec:38:bf:47:d8:1e:43:77:61:3d:60:54:c7:ba:6a:be: + 87:ea:f7:9e:46:74:90:70:c3:d9:74:21:be:90:78:12:2f:30: + d2:56:3b:9a:24:27:17:1b:d0:8c:49:e7:65:a8:d2:d9:0f:f8: + e9:5e:51:8c:97:cf:90:37:e5:ad:dc:88:ac:c1:54:57:7a:9a: + f4:5a:80:25:85:7c:d0:b7:17:03:8c:b3:43:20:59:c7:f3:68: + 72:f5:53:75:df:a0:00:12:f0:28:d5:dc:70:ec:9e:c2:33:bd: + 73:e9:8c:62:b8:2f:0d:55:a3:3d:d2:21:59:4f:3a:d7:50:aa: + 43:72:25:05:a0:2f:e0:f1:79:59:2a:57:e6:b9:91:21:b9:9f: + 07:f9:49:fc:d7:97:f7:be:a7:81:69:ac:6c:9a:7c:25:5e:6b: + 48:37:90:89:ac:37:02:b5:be:41:01:56:93:71:f4:e9:75:3c: + aa:0a:9b:d6:a3:09:64:51:30:d7:2c:1a:dd:bc:83:2e:45:b5: + 90:a5:ad:16:ba:18:56:1c:88:73:b5:ee:77:6d:65:3e:11:dc: + 36:45:6a:08:99:5d:24:86:93:da:45:95:2a:de:80:96:2e:db: + d7:87:b3:f1:70:3c:b5:56:eb:ca:62:dc:3c:49:84:3c:f8:6d: + d9:44:e0:81:33:5e:f7:22:27:8b:09:05:12:a6:c1:79:56:c7: + 7f:e2:80:d6:ab:4d:e5:1a:ff:ae:9a:fd:3b:7b:aa:15:ca:10: + c2:6a:98:c4:70:63:6e:7d:94:8e:87:0a:24:bd:b1:59:85:67: + 5b:e8:2e:ff:d7:43:8c:46:06:1a:a8:ba:72:e7:0d:ef:5f:6c: + 2d:5c:14:56:ad:5d:56:a5:21:09:7b:16:44:4a:74:9d:1a:03: + aa:1a:41:29:e5:78:e4:7c:9e:53:18:61:d8:5a:d1:e8:a8:0e: + f4:d3:40:d6:6b:cd:c9:e4:a3:3d:51:54:c3:d6:09:4c:48:9e: + 34:2a:23:ad:83:ab:9a:99:c2:bf:7b:85:98:d7:b6:21:fc:c4: + 17:6c:56:46:95:98:da:e8:6c:f3:67:4e:33:fc:68:b8:af:86: + 07:8b:8e:f3:16:2c:ec:82:e7:b8:47:64:5c:f5:bd:37:75:b5: + 94:d3:09:3c:3d:6a:6d:47:81:e0:1b:df:5e:d7:6c:92:7d:23: + 91:3e:29:06:21:5b:52:62:47:87:e8:7e:20:ab:fa:cb:3f:9e: + ab:7e:55:7e:d2:76:7d:3e:ce:49:f5:ad:a1:f8:13:ba:9a:d6: + 54:bb:e9:f0:e0:a6:77:27:95:33:84:48:ff:29:87:fc:65:94: + d4:56:44:88:fc:40:0a:64:32:15:13:36:bf:fb:10:65:35:94: + 66:ad:d7:e4:16:08:c5:8b:2f:c7:a1:14:99:60:69:66:39:3f: + 8d:f3:d3:46:ae:c9:ad:85:94:9b:06:6f:7e:f9:84:b4:e7:fb: + 7c:79:1b:75:00:f7:10:19:86:57:48:ea:d5:24:eb:f5:d6:42: + 43:73:36:db:9a:15:73:01:75:db:e5:4f:d0:68:3a:3b:35:ce: + 19:ab:08:e8:75:c4:7d:b0:d8:c9:64:f9:de:e4:ae:df:a5:24: + 19:dd:b8:d1:88:40:48:2a:13:6c:ad:72:23:46:45:2c:78:0c: + d4:68:15:11:7f:e2:47:2d:ce:d0:ce:ae:43:8b:08:af:42:12: + 85:6f:4d:8b:39:e0:a1:d9:65:08:b1:dc:00:e2:e8:f0:e1:f6: + 8f:21:8e:81:cd:de:8a:d0:92:58:22:d0:b0:29:fa:f8:98:6f: + c6:e0:68:37:b4:57:90:c2:c4:7c:38:64:51:d7:61:5a +-----BEGIN CERTIFICATE----- +MIII+DCCBOCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjA2 +MDMxOTMwNDdaFw0zNjA1MjkxOTMwNDdaMIGlMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxJzAlBgNVBAMMHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNv +bTEtMCsGCSqGSIb3DQEJARYecGtpbml0QGFkZG9tLnNhbWJhLmV4YW1wbGUuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6TovchPanHGFajdANZh +dADkj7XEDpjZUaqqT8eM+Ww3XGBV2nxVnNPN4vHtUTkl1fppfqdnnKlhG1xzUNBv +us463/6ulZWOl6vGu2rDYAvKwpwx/8YvUrvLL/YsTb4g4RZJ0yI2Zk9cxDASBzSL +AE5bUX1ANYHcXA6vvnhjgGlnh1OX0D/XZo0migoklfnb3ZMOSFTIMOR3DWXvpGre +KZF3l0BcLu01XrkPN63ZcHaZd0WMSmVjE3LVxFM3V4UKbXQwjGl/g/B/9WcFeYAn +1DhtSS+NKpcuMx/Q4MF2G7+/sXWKybE/P/JOxbBoXnaKfpxXsuw9GIPiZdUwXrX0 +xwIDAQABo4ICDjCCAgowCQYDVR0TBAIwADBPBgNVHR8ESDBGMESgQqBAhj5odHRw +Oi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5j +b20tY3JsLmNybDARBglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgME4GCWCG +SAGG+EIBDQRBFj9TbWFydCBDYXJkIExvZ2luIENlcnRpZmljYXRlIGZvciBwa2lu +aXRAYWRkb20uc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFD6BZaHjfhi+gP4V +k8wgFf0I1KQ9MB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFkGA1Ud +EQRSMFCBHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNvbaAuBgorBgEEAYI3 +FAIDoCAMHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNvbTAxBgNVHRIEKjAo +gSZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTBNBglghkgB +hvhCAQQEQBY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNh +bWJhLmV4YW1wbGUuY29tLWNybC5jcmwwHwYDVR0lBBgwFgYIKwYBBQUHAwIGCisG +AQQBgjcUAgIwDQYJKoZIhvcNAQELBQADggQBAHtHTFV8d4uPyiM+UWpRwUlEDXJW +J3n3VEjvdDdeKjNo3ASK3rKOeyZvZ/W8CuHsdBKGWmtWfXUk0N/HHsQo6KXA5Tqg +dPiVcGFEoZzjVNjPG+IvNdPKGl8H6c7+eeEgrJ6UdKWALjh1vLzXLeBUwReajgdC +fl8uF5Njq67txikPkciKma0hW1Kn3QwvMtwNNpyYAqrrjy06hhrP+PXaC3B+FJx5 +vIpsxwaNPjsmKlChBcpHedG6VQbN0joQJ43L7rT3kP/y+2fwcwtPUV4LjeSUy9pW +LRiRuFEP7kiZzK6La6zYOB5eXtkaKVIEUklJMGA7+k7JDKBnIOFKn4REyMo11Sim +Bn7cw4GNQBI9rg1RQloWkngucAu6f45Sty6o8XIyum8wkh5AD78JFFtjxh2zrOvn +afAbPLhK7KIi4lit7yJ3nOJR7Di/R9geQ3dhPWBUx7pqvofq955GdJBww9l0Ib6Q +eBIvMNJWO5okJxcb0IxJ52Wo0tkP+OleUYyXz5A35a3ciKzBVFd6mvRagCWFfNC3 +FwOMs0MgWcfzaHL1U3XfoAAS8CjV3HDsnsIzvXPpjGK4Lw1Voz3SIVlPOtdQqkNy +JQWgL+DxeVkqV+a5kSG5nwf5SfzXl/e+p4FprGyafCVea0g3kImsNwK1vkEBVpNx +9Ol1PKoKm9ajCWRRMNcsGt28gy5FtZClrRa6GFYciHO17ndtZT4R3DZFagiZXSSG +k9pFlSregJYu29eHs/FwPLVW68pi3DxJhDz4bdlE4IEzXvciJ4sJBRKmwXlWx3/i +gNarTeUa/66a/Tt7qhXKEMJqmMRwY259lI6HCiS9sVmFZ1voLv/XQ4xGBhqounLn +De9fbC1cFFatXValIQl7FkRKdJ0aA6oaQSnleOR8nlMYYdha0eioDvTTQNZrzcnk +oz1RVMPWCUxInjQqI62Dq5qZwr97hZjXtiH8xBdsVkaVmNrobPNnTjP8aLivhgeL +jvMWLOyC57hHZFz1vTd1tZTTCTw9am1HgeAb317XbJJ9I5E+KQYhW1JiR4fofiCr ++ss/nqt+VX7Sdn0+zkn1raH4E7qa1lS76fDgpncnlTOESP8ph/xllNRWRIj8QApk +MhUTNr/7EGU1lGat1+QWCMWLL8ehFJlgaWY5P43z00auya2FlJsGb375hLTn+3x5 +G3UA9xAZhldI6tUk6/XWQkNzNtuaFXMBddvlT9BoOjs1zhmrCOh1xH2w2Mlk+d7k +rt+lJBnduNGIQEgqE2ytciNGRSx4DNRoFRF/4kctztDOrkOLCK9CEoVvTYs54KHZ +ZQix3ADi6PDh9o8hjoHN3orQklgi0LAp+viYb8bgaDe0V5DCxHw4ZFHXYVo= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem new file mode 100644 index 0000000..6b25079 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/06.pem @@ -0,0 +1,191 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:30:28 2020 GMT + Not After : Feb 23 13:30:28 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Domain Controllers, CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:de:fe:5d:7a:30:99:bb:1e:11:56:ac:b0:d4:01: + 50:30:83:e1:71:0f:aa:3e:1a:b4:f7:9d:ea:93:69: + fc:be:51:19:4c:37:f7:a3:b3:3c:90:13:62:63:14: + 9d:b8:54:66:17:65:4a:67:8e:ce:96:7f:4d:c2:c6: + 6e:fd:3c:ae:bb:e2:5b:6c:ee:51:7b:db:37:17:94: + 99:02:3a:2f:a9:cb:d0:23:29:b7:43:33:08:fc:3f: + 15:3b:ed:3c:eb:69:5b:95:45:18:1e:85:5e:aa:31: + b6:3e:18:c8:2f:3a:48:2d:cc:c6:69:28:b6:5c:ac: + 24:03:b1:83:e8:e6:96:a7:06:6d:fe:73:13:04:d2: + 18:0f:d4:72:f7:88:22:40:5b:ab:68:a4:89:e2:3d: + c0:ca:e5:a7:ae:b6:f8:ea:8a:8c:39:9c:6d:1b:89: + ab:72:2c:04:27:40:7e:f5:d3:3f:5d:d8:0d:71:67: + 65:1d:e3:3d:65:b0:97:7f:14:ad:92:43:2f:3f:04: + ab:1e:31:52:07:7f:df:48:ac:9a:c0:28:d1:ab:eb: + f2:79:b3:d2:44:5f:e8:2d:92:d7:d8:be:03:fe:db: + 55:2b:4b:f8:9c:b4:ce:02:78:07:72:0f:d5:32:cd: + 01:1e:3d:b2:6e:25:29:fa:09:49:49:ab:ed:dc:2b: + 10:c5:3d:19:3c:c4:1e:da:ee:95:c2:ff:f8:50:b4: + f7:47:9a:a4:7d:1c:9a:8d:77:da:b6:a2:e6:4f:cd: + 80:b9:b1:f2:1d:dc:90:60:37:6f:39:5e:a6:03:e2: + 8b:44:d7:a4:45:fd:7e:4f:43:14:f0:68:0d:e6:84: + 8f:21:20:53:f6:b4:67:bd:fc:5d:f4:48:2a:95:1d: + 7d:79:ba:a1:ee:b8:f0:83:83:7f:ab:b1:eb:38:4e: + 3c:4b:8a:93:80:15:63:4c:43:1d:81:4b:c1:e6:d5: + b0:9f:6c:49:9d:04:92:66:6c:9f:7c:d3:62:50:72: + fc:77:65:87:39:d9:d0:ef:5e:53:49:32:4a:d3:1b: + 4a:88:45:f0:0f:a2:5e:33:29:bd:ab:3d:6b:3d:23: + bc:c6:9c:9d:98:9c:9d:8d:cc:32:3e:e1:8c:98:19: + 1c:44:ee:17:43:b3:b0:47:a5:fe:15:49:aa:5a:b7: + 76:43:4c:df:9a:e8:33:3d:52:e8:6c:2c:dd:3e:d8: + a9:e9:2d:36:c2:3a:43:75:b2:bc:d5:bd:81:8b:fc: + 63:37:61:88:24:bb:76:35:19:00:44:7a:3e:30:a8: + 9e:8f:df:74:14:09:0b:f5:8b:c9:b0:ed:be:d0:cf: + c0:7f:61:41:07:f8:6c:7d:0a:05:96:4f:6e:5f:cc: + 40:f3:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Server + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Domain Controller Certificate addcsmb1.addom2.samba.example.com + X509v3 Subject Key Identifier: + 5B:85:11:27:BF:F7:A6:2B:8F:51:93:D8:29:4E:0E:A2:67:AA:9D:80 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + DNS:addcsmb1.addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication, msKDC + Signature Algorithm: sha256WithRSAEncryption + 73:de:7a:35:bc:15:ac:32:44:5b:98:60:64:12:af:ea:42:46: + 7d:fb:b2:88:b3:47:61:c3:0b:6d:d1:68:92:3d:44:cd:37:86: + da:10:d2:18:db:19:29:03:31:1a:26:cd:70:d1:ec:13:ac:59: + 84:cd:be:9f:2b:c6:2d:10:aa:4b:4d:78:39:d3:6b:e1:4d:e8: + 10:a0:3e:97:d3:1c:19:11:e4:0f:26:7f:96:d7:26:17:23:02: + d9:4b:47:0c:af:c7:ef:28:ae:1c:28:e5:d2:7a:61:46:70:3b: + 49:5e:d0:65:54:4c:ae:14:27:c0:e4:17:41:2c:1a:42:0d:86: + 6c:37:48:65:80:02:21:b3:2b:1f:4f:34:a5:ce:7b:b0:fe:06: + a6:fe:c5:1b:ca:e5:e6:7e:d5:dc:01:d2:50:c4:f8:5e:73:6c: + 2c:56:81:d0:a4:73:bf:82:cb:d8:76:ca:7e:44:99:3a:5f:a9: + 97:89:a8:5c:5b:1b:38:0d:4d:cb:02:49:69:82:13:68:a6:be: + 4b:a3:57:a6:a6:e3:f0:dc:ad:1c:30:00:bf:ed:15:ca:c3:3d: + 5c:7b:dc:6d:e6:cb:bb:bc:a1:22:e7:32:95:e0:0f:6a:ab:40: + 0c:43:ed:f3:98:63:7c:2f:15:63:49:4e:5c:82:65:13:f2:53: + 26:d7:4c:c6:f8:7e:fa:bc:a8:22:44:f1:fb:a6:bb:27:64:ec: + 94:28:19:4a:af:09:7e:01:8e:9d:3e:43:e5:79:fd:16:ed:24: + b4:ab:58:02:e2:9e:f8:a1:b0:45:25:6d:2f:be:bb:88:90:c7: + d8:45:31:48:65:26:33:86:cc:46:69:53:6b:f1:d6:35:df:b1: + 39:ed:81:e1:23:f1:01:de:99:10:11:f0:3f:4d:5d:d3:8a:0c: + 44:78:f6:27:4a:32:1d:ab:0c:63:d0:71:25:62:67:f5:0c:7e: + 2c:7c:a4:ec:8d:de:00:6d:5f:69:5d:bf:e6:c7:59:75:87:5e: + 2c:12:dc:a5:1b:dd:c1:7a:c9:56:63:6a:3b:c6:9a:b7:fc:15: + 01:53:4d:c8:ca:c7:c8:81:50:a0:65:43:33:fb:aa:55:64:a0: + c3:2e:e2:f9:08:64:e5:75:ab:98:b3:38:ba:8d:53:e8:08:47: + ef:cf:a9:f2:16:25:1b:20:78:2d:6f:f5:83:ee:35:d4:b5:c5: + d6:d7:81:17:bf:9c:45:43:d1:88:74:22:1a:32:b2:45:73:a2: + 28:d4:da:ff:85:f9:75:1c:4f:84:6a:a5:1a:41:eb:8b:e0:1d: + 49:69:07:2f:5b:5e:e3:7b:00:f8:4b:67:5b:42:d7:51:de:1c: + 18:89:2f:f8:36:e7:b5:a3:6c:39:e3:88:dc:5d:7f:2f:d9:52: + b6:6b:9c:e9:1d:df:d0:18:68:25:70:7e:71:fb:b3:40:28:75: + e9:24:38:6f:70:5b:1a:f9:bf:e9:43:bd:4b:51:e3:df:e3:25: + 11:ae:30:4e:7e:55:58:43:b3:65:05:11:2d:0e:a4:3c:b8:8a: + 0c:f9:93:ab:27:28:c0:b2:17:76:52:9b:18:82:b7:fd:a6:4f: + 6e:a1:74:2b:19:59:ac:b1:d8:5e:fb:f3:69:37:16:59:01:4c: + fa:a9:57:52:04:d4:45:8f:10:08:8a:ab:88:aa:96:46:9a:aa: + 94:b5:c6:bf:e9:9e:9a:cd:40:f3:2a:ed:23:ff:a6:f7:9b:18: + 02:d9:ab:76:96:ac:15:6f:04:5d:92:d2:49:4c:4b:62:da:3d: + 2a:a4:59:22:1a:75:cd:6e:fb:62:50:da:ae:9d:28:7d:4d:32: + 2f:d8:cd:37:67:f9:1d:c1:d5:76:40:ba:34:f6:8c:92:5b:c0: + 65:f6:3c:90:6c:5b:67:09:0d:d3:14:90:38:03:82:06:c3:b7: + 85:74:7f:15:f4:5b:de:66:5f:71:a9:f1:ed:15:9b:a0:72:ee: + 05:d7:b3:92:30:65:2e:82:90:21:fe:f0:07:34:11:d3:87:41: + f4:35:04:0c:b4:28:f5:73:b8:d5:0e:e3:2a:53:ab:9a:3f:4d: + 59:f9:18:68:f0:31:90:1d:d6:25:c6:8b:33:e8:dc:06:93:7b: + cb:01:de:8b:1e:87:5a:26:a0:0d:5e:f6:6a:36:43:54:53:6d: + 87:10:ca:a8:15:1a:4a:37:95:a5:67:93:74:ba:c3:59:9b:f8: + b5:ab:10:98:fc:ff:d6:d2:61:17:5d:90:7e:b1:2a:16:ec:d5: + da:80:67:02:13:41:d7:bc:a2:af:0b:54:08:b3:2e:1b:05:50: + 80:f6:c7:9a:8c:ac:89:49:4a:f4:4b:71:73:bc:e7:8c:6f:0c: + 70:62:73:3d:ed:07:14:35:f0:15:0c:bb:d8:c3:f6:19:43:b7: + 45:a5:33:80:17:1f:c3:39:28:3d:6a:7c:d6:e0:37:66:58:bd: + e8:64:2c:ad:b7:e0:25:f5:41:ac:ae:cb:ca:c1:eb:5b:8b:e1: + 3d:1e:cc:09:63:d6:6c:c8:eb:b8:ae:6f:4b:02:98:4a:2a:1a: + 94:26:e7:a3:23:7c:e9:e5:02:e0:1f:f5:88:f9:14:74:81:01: + 1d:cd:7e:46:35:7c:1d:e3:64:60:88:a4:ed:86:06:0e:af:3a: + 2b:1d:f8:45:fe:53:8e:56:89:95:98:ff:2c:8a:fb:3a:7a:0c: + 46:6a:3d:32:78:ad:58:69:ba:3b:d5:95:51:55:f3:72 +-----BEGIN CERTIFICATE----- +MIIKAzCCBeugAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMwMjhaFw00MDAyMjMxMzMwMjhaMIG9MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEbMBkGA1UE +CwwSRG9tYWluIENvbnRyb2xsZXJzMSowKAYDVQQDDCFhZGRjc21iMS5hZGRvbTIu +c2FtYmEuZXhhbXBsZS5jb20xNTAzBgkqhkiG9w0BCQEWJmNhLXNhbWJhLmV4YW1w +bGUuY29tQHNhbWJhLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA3v5dejCZux4RVqyw1AFQMIPhcQ+qPhq0953qk2n8vlEZTDf3o7M8 +kBNiYxSduFRmF2VKZ47Oln9NwsZu/Tyuu+JbbO5Re9s3F5SZAjovqcvQIym3QzMI +/D8VO+0862lblUUYHoVeqjG2PhjILzpILczGaSi2XKwkA7GD6OaWpwZt/nMTBNIY +D9Ry94giQFuraKSJ4j3AyuWnrrb46oqMOZxtG4mrciwEJ0B+9dM/XdgNcWdlHeM9 +ZbCXfxStkkMvPwSrHjFSB3/fSKyawCjRq+vyebPSRF/oLZLX2L4D/ttVK0v4nLTO +AngHcg/VMs0BHj2ybiUp+glJSavt3CsQxT0ZPMQe2u6Vwv/4ULT3R5qkfRyajXfa +tqLmT82AubHyHdyQYDdvOV6mA+KLRNekRf1+T0MU8GgN5oSPISBT9rRnvfxd9Egq +lR19ebqh7rjwg4N/q7HrOE48S4qTgBVjTEMdgUvB5tWwn2xJnQSSZmyffNNiUHL8 +d2WHOdnQ715TSTJK0xtKiEXwD6JeMym9qz1rPSO8xpydmJydjcwyPuGMmBkcRO4X +Q7OwR6X+FUmqWrd2Q0zfmugzPVLobCzdPtip6S02wjpDdbK81b2Bi/xjN2GIJLt2 +NRkARHo+MKiej990FAkL9YvJsO2+0M/Af2FBB/hsfQoFlk9uX8xA8/UCAwEAAaOC +AgEwggH9MAkGA1UdEwQCMAAwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3dy5z +YW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5j +cmwwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF4DBOBglghkgBhvhCAQ0E +QRY/RG9tYWluIENvbnRyb2xsZXIgQ2VydGlmaWNhdGUgYWRkY3NtYjEuYWRkb20y +LnNhbWJhLmV4YW1wbGUuY29tMB0GA1UdDgQWBBRbhREnv/emK49Rk9gpTg6iZ6qd +gDAfBgNVHSMEGDAWgBSiPgIqo6dNObQITZnMDHU26ifDPjBFBgNVHREEPjA8giFh +ZGRjc21iMS5hZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gFwYJKwYBBAGCNxkBoAoE +CAEjRWeJq83vMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJh +LmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4 +YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAmBgNV +HSUEHzAdBggrBgEFBQcDAgYIKwYBBQUHAwEGBysGAQUCAwUwDQYJKoZIhvcNAQEL +BQADggQBAHPeejW8FawyRFuYYGQSr+pCRn37soizR2HDC23RaJI9RM03htoQ0hjb +GSkDMRomzXDR7BOsWYTNvp8rxi0QqktNeDnTa+FN6BCgPpfTHBkR5A8mf5bXJhcj +AtlLRwyvx+8orhwo5dJ6YUZwO0le0GVUTK4UJ8DkF0EsGkINhmw3SGWAAiGzKx9P +NKXOe7D+Bqb+xRvK5eZ+1dwB0lDE+F5zbCxWgdCkc7+Cy9h2yn5EmTpfqZeJqFxb +GzgNTcsCSWmCE2imvkujV6am4/DcrRwwAL/tFcrDPVx73G3my7u8oSLnMpXgD2qr +QAxD7fOYY3wvFWNJTlyCZRPyUybXTMb4fvq8qCJE8fumuydk7JQoGUqvCX4Bjp0+ +Q+V5/RbtJLSrWALinvihsEUlbS++u4iQx9hFMUhlJjOGzEZpU2vx1jXfsTntgeEj +8QHemRAR8D9NXdOKDER49idKMh2rDGPQcSViZ/UMfix8pOyN3gBtX2ldv+bHWXWH +XiwS3KUb3cF6yVZjajvGmrf8FQFTTcjKx8iBUKBlQzP7qlVkoMMu4vkIZOV1q5iz +OLqNU+gIR+/PqfIWJRsgeC1v9YPuNdS1xdbXgRe/nEVD0Yh0IhoyskVzoijU2v+F ++XUcT4RqpRpB64vgHUlpBy9bXuN7APhLZ1tC11HeHBiJL/g257WjbDnjiNxdfy/Z +UrZrnOkd39AYaCVwfnH7s0AodekkOG9wWxr5v+lDvUtR49/jJRGuME5+VVhDs2UF +ES0OpDy4igz5k6snKMCyF3ZSmxiCt/2mT26hdCsZWayx2F7782k3FlkBTPqpV1IE +1EWPEAiKq4iqlkaaqpS1xr/pnprNQPMq7SP/pvebGALZq3aWrBVvBF2S0klMS2La +PSqkWSIadc1u+2JQ2q6dKH1NMi/YzTdn+R3B1XZAujT2jJJbwGX2PJBsW2cJDdMU +kDgDggbDt4V0fxX0W95mX3Gp8e0Vm6By7gXXs5IwZS6CkCH+8Ac0EdOHQfQ1BAy0 +KPVzuNUO4ypTq5o/TVn5GGjwMZAd1iXGizPo3AaTe8sB3oseh1omoA1e9mo2Q1RT +bYcQyqgVGko3laVnk3S6w1mb+LWrEJj8/9bSYRddkH6xKhbs1dqAZwITQde8oq8L +VAizLhsFUID2x5qMrIlJSvRLcXO854xvDHBicz3tBxQ18BUMu9jD9hlDt0WlM4AX +H8M5KD1qfNbgN2ZYvehkLK234CX1Qayuy8rB61uL4T0ezAlj1mzI67iub0sCmEoq +GpQm56MjfOnlAuAf9Yj5FHSBAR3NfkY1fB3jZGCIpO2GBg6vOisd+EX+U45WiZWY +/yyK+zp6DEZqPTJ4rVhpujvVlVFV83I= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem new file mode 100644 index 0000000..2d0735a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/07.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:01 2020 GMT + Not After : Feb 23 13:31:01 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:0e:b0:1d:53:4f:3c:0f:f8:90:d6:33:64:68: + 7e:ed:7c:46:96:c6:77:9c:0a:07:ed:8c:13:da:e7: + bb:b3:79:63:4b:ec:5a:2a:59:57:7c:38:69:50:c0: + a1:b4:ba:f8:1d:56:78:77:95:b3:44:13:12:83:df: + 20:95:12:01:e5:1e:1a:5b:38:69:48:86:e8:a6:0a: + 32:f4:38:36:f8:84:bd:5b:a9:70:48:c5:49:25:79: + 70:98:23:a7:58:3e:09:97:6d:67:b1:95:fa:08:86: + 2d:d6:b7:c5:d2:06:aa:5b:b8:f5:93:e6:c5:20:9a: + 9b:0c:90:2b:c7:2e:20:2f:e8:07:45:03:f3:4d:2c: + d9:eb:9c:91:d2:68:cc:fe:57:78:5c:2e:57:5b:a6: + 0e:10:6a:b8:05:ce:ab:12:31:49:e8:34:7c:3f:91: + 63:ce:3e:a6:ff:c0:7b:1b:95:b7:9b:99:a9:c7:ec: + d6:45:b7:9e:24:ee:c0:2b:a3:4c:a2:f9:04:5b:18: + 2f:0e:8b:2b:16:89:5d:cc:92:fa:49:dd:09:92:72: + 14:ba:8f:48:bd:6e:9b:88:14:98:6f:bc:0c:e3:bb: + a9:d1:0a:a8:93:6b:75:70:98:f9:a8:d8:0f:c5:e6: + a9:a4:e5:b3:72:81:76:07:73:c9:3e:d2:43:62:fe: + 1a:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@addom2.samba.example.com + X509v3 Subject Key Identifier: + 54:FB:DA:B4:F9:26:58:9A:8F:C2:D2:0A:95:B0:95:F6:D2:F6:1B:AE + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + a3:8d:f9:4e:77:ba:67:28:63:6e:3e:70:91:64:3f:51:b3:69: + ab:ff:10:04:e4:39:d1:98:bf:7e:c7:da:d3:4e:d5:29:f7:ae: + ca:e2:b1:f7:ea:67:38:7e:bb:a8:55:33:c1:de:79:6a:49:56: + 6a:48:8c:3b:43:8b:03:f4:30:11:ac:ee:88:28:ed:11:6c:37: + 33:13:7f:25:aa:d6:71:99:d2:f8:fb:4f:7a:44:c7:20:78:b2: + 22:44:17:d8:56:10:a2:4c:48:1c:3a:ad:bf:82:d7:e5:e0:66: + e9:ac:a1:11:23:b3:f8:f7:a7:84:5f:b7:d2:30:89:b7:bc:3f: + 9c:61:d8:12:bb:a4:fe:af:53:f9:f7:26:8e:be:9a:79:53:47: + b6:2b:d3:31:60:e1:39:11:11:c3:32:b8:32:d2:e2:6d:8a:05: + ae:f5:7e:f7:03:33:1c:6c:07:8e:81:a4:26:f2:0d:22:af:fe: + 48:12:48:a8:09:e2:98:4e:b9:c5:07:16:5d:a3:b2:73:7c:4c: + a7:3e:24:e9:d8:cc:72:a3:87:dd:c7:69:8d:58:dd:2e:27:69: + 72:b4:fb:62:cf:66:c4:7a:8b:8b:c4:03:16:b6:9d:7f:7b:f5: + 44:c2:04:a7:17:80:9c:f7:32:ba:3a:05:e1:71:28:16:88:6a: + 9c:f8:0e:5e:c9:0b:81:eb:2c:05:3c:4c:ff:ba:72:10:da:99: + 95:e1:ef:d2:dd:95:7d:d0:24:f6:8f:e0:1c:75:25:64:80:0e: + 16:9f:c1:d7:76:7e:45:85:27:a8:85:80:c3:62:40:58:1b:75: + c3:8e:40:0c:d9:f1:5b:a0:6b:1e:47:99:4f:00:11:68:19:93: + 77:4b:1b:56:94:79:95:f6:b8:92:49:14:e0:8f:2b:40:4c:82: + 4c:5b:a0:e2:0f:d4:f3:d1:3c:f3:e6:4c:c4:3d:2a:4c:e8:ca: + 10:c0:39:81:64:db:68:80:12:07:3f:92:7c:e0:09:aa:42:77: + 51:1e:ee:ad:33:c8:8f:f4:f2:35:2b:c7:b7:57:7c:2e:c8:27: + 71:c8:5b:1a:f2:83:fa:4f:85:13:ea:ce:0b:2f:b7:76:86:77: + 00:82:46:2f:bf:1c:b2:de:5d:52:40:64:41:54:0b:9f:8c:84: + d9:dd:08:02:51:d0:06:d0:07:6f:a1:ef:74:f4:d9:f5:30:9c: + 15:c3:d6:89:b7:f5:81:5a:c0:44:3d:99:54:e8:25:56:1f:63: + be:5c:f7:be:f1:9c:24:e0:55:46:c4:a5:7e:3f:82:20:b9:4a: + d6:14:82:45:14:d8:91:75:33:c5:df:86:9c:19:17:a4:31:4a: + 37:a2:9e:b9:11:84:ab:df:bc:21:2b:9b:96:83:b7:1b:13:78: + 07:b2:c5:5f:97:48:3b:7e:43:10:34:68:e8:25:bd:51:a0:ae: + 17:52:62:47:3c:c9:f0:b5:55:95:cd:68:d3:5f:aa:85:be:ea: + fb:2a:8a:e4:50:3d:96:5b:b3:a9:e5:45:e4:2d:da:da:8d:f0: + ae:c0:98:47:8e:ca:46:c2:21:68:a6:f9:17:41:a2:c6:21:b9: + bc:73:a7:c3:84:a9:31:b7:54:04:33:2a:fb:57:32:47:93:e1: + b2:ff:58:5b:f3:19:66:bc:65:8e:00:29:9d:56:60:7d:28:b2: + 6d:a5:a9:eb:04:7c:d3:e7:d7:af:2d:fe:df:1e:9c:3b:a9:bb: + a0:14:e4:02:7f:e6:e7:0a:b2:37:bd:fd:67:32:82:4f:c0:41: + 89:96:9a:f2:9a:04:eb:82:ee:81:8a:00:15:5e:b2:d0:e1:72: + 74:47:2f:97:fb:33:f1:8c:b9:25:8f:02:71:75:b7:21:10:74: + 4f:5f:5f:61:51:4a:69:d1:03:6b:7a:51:e4:08:03:1f:c2:a7: + 2c:c2:10:b8:27:9f:aa:01:15:61:71:72:d6:ca:23:7f:d7:60: + b8:65:51:ca:65:8e:ef:74:2e:fc:89:23:0b:55:b5:83:d7:0b: + 8c:16:ab:1a:be:3a:79:62:b3:6e:64:d1:c2:48:af:81:0e:d4: + 1f:2e:2f:c7:47:16:79:a9:b9:cc:08:29:2e:da:d5:75:96:53: + b1:be:2c:5a:5a:9c:6b:40:16:e5:92:63:49:64:99:44:c1:bc: + 2a:40:fc:3c:50:c3:dd:07:31:ee:1d:46:38:1b:c8:12:a0:16: + 9d:1c:f6:0e:a7:66:8a:b0:2f:11:19:03:1d:66:6f:fe:cc:3a: + 6c:99:ce:60:b7:f1:e9:56:40:4d:fc:ac:eb:a5:04:de:85:7c: + 19:c7:16:c1:e1:26:43:03:da:f3:50:25:16:99:e0:fa:cd:59: + c7:8b:52:cf:fc:20:d0:68:50:b9:83:36:bb:44:7b:1f:92:5f: + f6:19:5b:91:de:33:2c:f9:80:25:b9:30:4c:fa:92:5b:6d:c2: + 65:10:98:1c:c6:61:51:9e:d0:c9:49:1b:c5:c5:8a:89:72:d0: + b7:ff:db:03:f9:95:f2:a0:de:d9:dc:32:c6:20:02:e1:7c:89: + 2d:6e:72:12:12:c3:97:56:eb:7c:58:88:1f:9d:ad:4c:b4:6a: + 97:4b:0c:87:f3:41:bb:2a:ff:a6:bf:90:70:91:9b:b7:b1:e1: + cc:0f:c6:33:a5:05:03:db:f9:fb:79:5c:20:78:f9:1c:88:d4: + 84:bd:2f:9b:12:30:02:36:cd:8a:f3:42:4a:9c:dc:c3 +-----BEGIN CERTIFICATE----- +MIIJIDCCBQigAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMDFaFw00MDAyMjMxMzMxMDFaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxLzAtBgNVBAMMJmFkbWluaXN0cmF0b3JAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z +YW1iYS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AOsOsB1TTzwP+JDWM2Rofu18RpbGd5wKB+2ME9rnu7N5Y0vsWipZV3w4aVDAobS6 ++B1WeHeVs0QTEoPfIJUSAeUeGls4aUiG6KYKMvQ4NviEvVupcEjFSSV5cJgjp1g+ +CZdtZ7GV+giGLda3xdIGqlu49ZPmxSCamwyQK8cuIC/oB0UD800s2euckdJozP5X +eFwuV1umDhBquAXOqxIxSeg0fD+RY84+pv/AexuVt5uZqcfs1kW3niTuwCujTKL5 +BFsYLw6LKxaJXcyS+kndCZJyFLqPSL1um4gUmG+8DOO7qdEKqJNrdXCY+ajYD8Xm +qaTls3KBdgdzyT7SQ2L+GjsCAwEAAaOCAiYwggIiMAkGA1UdEwQCMAAwTwYDVR0f +BEgwRjBEoEKgQIY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NB +LXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwEQYJYIZIAYb4QgEBBAQDAgWgMAsG +A1UdDwQEAwIF4DBWBglghkgBhvhCAQ0ESRZHU21hcnQgQ2FyZCBMb2dpbiBDZXJ0 +aWZpY2F0ZSBmb3IgYWRtaW5pc3RyYXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wHQYDVR0OBBYEFFT72rT5Jliaj8LSCpWwlfbS9huuMB8GA1UdIwQYMBaAFKI+ +Aiqjp005tAhNmcwMdTbqJ8M+MGkGA1UdEQRiMGCBJmFkbWluaXN0cmF0b3JAYWRk +b20yLnNhbWJhLmV4YW1wbGUuY29toDYGCisGAQQBgjcUAgOgKAwmYWRtaW5pc3Ry +YXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wMQYDVR0SBCowKIEmY2Etc2Ft +YmEuZXhhbXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wTQYJYIZIAYb4QgEEBEAW +Pmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFt +cGxlLmNvbS1jcmwuY3JsMB8GA1UdJQQYMBYGCCsGAQUFBwMCBgorBgEEAYI3FAIC +MA0GCSqGSIb3DQEBCwUAA4IEAQCjjflOd7pnKGNuPnCRZD9Rs2mr/xAE5DnRmL9+ +x9rTTtUp967K4rH36mc4fruoVTPB3nlqSVZqSIw7Q4sD9DARrO6IKO0RbDczE38l +qtZxmdL4+096RMcgeLIiRBfYVhCiTEgcOq2/gtfl4GbprKERI7P496eEX7fSMIm3 +vD+cYdgSu6T+r1P59yaOvpp5U0e2K9MxYOE5ERHDMrgy0uJtigWu9X73AzMcbAeO +gaQm8g0ir/5IEkioCeKYTrnFBxZdo7JzfEynPiTp2Mxyo4fdx2mNWN0uJ2lytPti +z2bEeouLxAMWtp1/e/VEwgSnF4Cc9zK6OgXhcSgWiGqc+A5eyQuB6ywFPEz/unIQ +2pmV4e/S3ZV90CT2j+AcdSVkgA4Wn8HXdn5FhSeohYDDYkBYG3XDjkAM2fFboGse +R5lPABFoGZN3SxtWlHmV9riSSRTgjytATIJMW6DiD9Tz0Tzz5kzEPSpM6MoQwDmB +ZNtogBIHP5J84AmqQndRHu6tM8iP9PI1K8e3V3wuyCdxyFsa8oP6T4UT6s4LL7d2 +hncAgkYvvxyy3l1SQGRBVAufjITZ3QgCUdAG0Advoe909Nn1MJwVw9aJt/WBWsBE +PZlU6CVWH2O+XPe+8Zwk4FVGxKV+P4IguUrWFIJFFNiRdTPF34acGRekMUo3op65 +EYSr37whK5uWg7cbE3gHssVfl0g7fkMQNGjoJb1RoK4XUmJHPMnwtVWVzWjTX6qF +vur7KorkUD2WW7Op5UXkLdrajfCuwJhHjspGwiFopvkXQaLGIbm8c6fDhKkxt1QE +Myr7VzJHk+Gy/1hb8xlmvGWOACmdVmB9KLJtpanrBHzT59evLf7fHpw7qbugFOQC +f+bnCrI3vf1nMoJPwEGJlprymgTrgu6BigAVXrLQ4XJ0Ry+X+zPxjLkljwJxdbch +EHRPX19hUUpp0QNrelHkCAMfwqcswhC4J5+qARVhcXLWyiN/12C4ZVHKZY7vdC78 +iSMLVbWD1wuMFqsavjp5YrNuZNHCSK+BDtQfLi/HRxZ5qbnMCCku2tV1llOxvixa +WpxrQBblkmNJZJlEwbwqQPw8UMPdBzHuHUY4G8gSoBadHPYOp2aKsC8RGQMdZm/+ +zDpsmc5gt/HpVkBN/KzrpQTehXwZxxbB4SZDA9rzUCUWmeD6zVnHi1LP/CDQaFC5 +gza7RHsfkl/2GVuR3jMs+YAluTBM+pJbbcJlEJgcxmFRntDJSRvFxYqJctC3/9sD ++ZXyoN7Z3DLGIALhfIktbnISEsOXVut8WIgfna1MtGqXSwyH80G7Kv+mv5BwkZu3 +seHMD8YzpQUD2/n7eVwgePkciNSEvS+bEjACNs2K80JKnNzD +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem b/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem new file mode 100644 index 0000000..794f9c2 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/NewCerts/08.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:30 2020 GMT + Not After : Feb 23 13:31:30 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom2.samba.example.com/emailAddress=pkinit@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:33:db:43:5e:d5:91:27:95:35:d2:86:b2:e5: + 70:ac:b8:cf:74:01:2c:60:4d:67:b2:2c:2d:ef:c4: + 04:53:4d:08:9b:ce:55:ca:7a:ab:02:29:5d:3d:27: + ee:3e:a3:23:2e:3e:36:8d:f1:ca:8f:a7:4b:8b:a9: + 39:d3:33:39:d0:b9:f4:9b:c4:14:2c:41:67:be:6a: + 32:b6:86:0d:70:0e:eb:6c:b1:d1:ef:92:70:ec:70: + 70:2d:5f:4f:ea:6c:3e:9f:ee:9a:11:32:93:5f:b0: + e3:51:24:e2:33:08:22:ee:69:07:c6:10:a2:3f:43: + 67:3c:0b:48:b6:d1:92:99:22:de:fe:da:28:e9:12: + ba:a7:d6:54:76:c4:3c:56:a7:c9:e4:28:18:fd:89: + 8a:eb:02:42:88:27:59:61:f5:bd:5f:0d:eb:ce:80: + 4a:84:29:e5:38:93:1d:d9:0a:50:e3:eb:72:ec:b2: + 73:16:ab:75:33:3a:74:fd:6c:b8:a9:b9:09:c0:30: + 0a:74:d4:01:3e:00:0e:89:cf:87:aa:19:f5:7b:c4: + 0d:4f:b1:f1:40:59:54:67:28:aa:ca:18:75:7d:96: + d4:4d:99:e3:b1:84:bc:e7:65:80:ea:f6:dd:30:ce: + cf:14:67:b5:27:09:5f:83:a5:8c:87:62:8f:5a:22: + d5:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@addom2.samba.example.com + X509v3 Subject Key Identifier: + 6A:36:04:8E:C5:C3:2C:C9:17:BA:52:66:D3:AB:0D:C3:F2:25:1A:CD + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 4d:5b:aa:28:b6:e0:a4:61:63:ed:09:7a:0e:2b:b2:c9:83:73: + f5:28:17:2b:d5:4e:c7:7b:01:99:5d:b9:c5:93:b3:a5:e2:64: + 33:96:38:55:c4:a4:84:9a:d1:dc:40:56:ec:da:a7:a5:3b:7c: + 91:c7:8d:03:44:44:9d:a5:0a:9e:de:6a:9d:c2:80:49:93:db: + 4d:74:fa:3c:fd:54:de:99:9c:f8:82:63:ba:5e:81:9e:4d:ae: + a2:a1:09:dd:81:5a:3e:81:31:8b:ff:85:32:ae:30:9e:1a:d6: + 04:d9:1c:bd:a5:0e:83:29:86:f4:be:0f:81:9a:84:f4:42:42: + 6d:20:18:16:ef:21:ac:51:b3:34:bd:0f:b5:2c:7e:c5:21:3d: + f7:77:95:1e:8f:45:3e:f8:79:93:ad:35:dd:cd:97:95:fe:b6: + 5f:88:e7:b8:38:54:15:29:61:2f:17:91:99:74:0c:66:9a:55: + 5c:dd:22:19:a1:8e:c1:a5:23:45:a4:85:f2:b2:98:3b:2c:85: + d8:2a:8e:9c:4d:6c:9e:9e:ef:80:24:2f:57:f3:a1:1f:09:c4: + 44:4d:11:d2:84:87:2a:57:f0:cc:9e:38:2c:3a:68:ee:0b:be: + e9:48:67:ff:87:2b:29:03:25:22:8e:00:33:f8:2a:7c:11:91: + 17:42:fc:6c:d1:94:c6:f0:7f:ad:c3:97:cf:9f:cc:a5:be:25: + 33:af:d4:c4:06:17:a7:be:11:bf:51:5e:6e:b8:26:56:1e:d5: + d6:ce:85:05:62:02:62:92:63:48:d9:d2:0b:e4:f9:2c:a2:53: + 4f:5e:3d:31:07:4d:5b:c4:48:bc:d5:f0:66:98:fd:85:45:26: + 4b:98:4f:a2:ac:05:a0:df:ee:4e:c9:9c:2f:3c:ee:74:9d:54: + 83:03:d8:42:a1:ba:57:a1:d4:43:93:a0:94:e3:0c:3b:cb:eb: + e6:05:73:60:18:32:81:25:21:55:14:99:2b:9d:0e:b2:72:31: + 63:73:5a:94:b2:30:e7:16:16:4c:33:68:cb:e6:87:aa:20:c6: + 9c:f1:26:3b:f5:76:7a:9b:07:f7:d9:c0:6c:50:04:d6:14:06: + 37:e5:fc:58:18:d5:a7:c8:29:56:9e:3c:fd:03:96:e8:4e:1a: + 7e:6e:e3:c9:aa:e6:3f:5d:1a:cd:86:f3:17:82:3b:ff:4c:8e: + 6b:d2:11:84:ce:36:cc:c8:fe:31:80:43:23:fa:fe:3c:8c:57: + a0:a1:1e:b9:08:c1:03:af:8f:3b:6b:cb:12:e4:6a:31:94:86: + 7a:17:c5:9f:80:bc:bc:e0:42:7b:5a:57:ef:b7:d3:0c:5f:98: + 71:aa:4e:cf:b4:c7:25:33:96:54:7b:ca:90:79:6f:f8:f0:c3: + e7:9d:e7:d0:67:4d:7b:20:7b:9d:d0:91:4f:ab:a3:a2:99:fa: + 9a:74:37:33:64:0c:bf:b6:94:3f:62:5f:a5:76:1e:60:54:e6: + bf:3a:11:5b:f0:ba:62:12:2e:9b:99:a2:37:9f:4c:b9:e8:8e: + d2:81:1f:0f:26:23:3b:9a:3b:69:70:09:e4:ae:05:65:04:3e: + 55:06:43:1f:5e:fb:2d:e6:03:b6:c4:ca:47:66:f0:d3:2b:a0: + 79:e8:45:a4:df:8f:31:fd:7e:67:ca:50:e0:b0:99:9d:2c:6a: + 16:f0:39:01:da:7f:d7:66:15:d1:99:3b:d7:7c:8a:bf:b7:d4: + b1:d3:fb:e2:fc:75:82:47:fc:96:42:57:ce:4a:d5:12:07:99: + 5b:ae:1a:c2:98:f1:fa:3d:a7:19:88:75:c8:fa:81:60:1f:19: + 21:0c:25:84:a1:c3:88:30:a7:80:da:85:85:e1:42:98:76:37: + ab:48:75:60:2d:1d:f9:05:6e:04:e2:2b:ce:37:75:17:27:0d: + 87:11:d6:2b:fa:37:bf:b7:e3:d2:96:b9:d8:92:18:4a:00:45: + 6d:9d:c6:20:d0:6b:2c:ed:33:06:08:d7:0f:56:44:5e:68:9f: + 9f:20:fc:57:a8:27:68:c9:f5:f5:2e:4d:0b:3c:a9:2e:92:2b: + d3:88:a9:18:27:24:0f:33:90:23:b3:41:99:5b:ec:bd:ef:ba: + 5b:4a:b6:a9:6c:b5:a5:d4:47:1e:9c:e7:32:0c:72:98:e7:8c: + a4:aa:72:8f:2b:90:5f:2d:23:bf:99:62:75:47:2f:9a:79:5e: + 4b:8a:8c:f2:28:df:30:59:6b:62:45:4b:b6:e5:39:ab:77:f0: + 51:4b:b7:6f:42:0a:81:a7:c0:c9:8a:c6:09:2a:e8:35:36:53: + c9:5b:93:dc:a5:1e:17:b1:cc:b4:13:b5:bb:b0:df:b8:cd:68: + 8a:10:18:8c:de:07:33:31:68:6b:f4:6a:dc:d0:17:10:c4:2d: + ec:66:51:c3:01:b3:2a:f0:0e:b9:c2:4d:7c:8d:d8:ab:c0:76: + 79:ca:e6:ff:a4:36:da:c1:8d:2e:13:7d:15:21:72:86:ad:4b: + 1b:73:4f:46:2f:fa:1e:ae:e8:8f:dd:79:6c:46:57:0a:05:ef: + 11:04:ae:a0:c5:13:86:6a:a3:cc:9c:b7:80:ef:18:5f:67:f7: + 43:ef:e2:94:4f:85:06:2f:d1:7a:97:07:ed:89:7d:aa:1e:e0: + cf:52:63:b9:28:95:aa:6d:ca:f2:20:c2:f3:07:83:c5:f4:a2: + ee:20:61:88:34:12:62:05:67:8d:f2:83:25:0b:9a:89 +-----BEGIN CERTIFICATE----- +MIII/TCCBOWgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMzBaFw00MDAyMjMxMzMxMzBaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxKDAmBgNVBAMMH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20xLjAsBgkqhkiG9w0BCQEWH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcM9tDXtWRJ5U10oay +5XCsuM90ASxgTWeyLC3vxARTTQibzlXKeqsCKV09J+4+oyMuPjaN8cqPp0uLqTnT +MznQufSbxBQsQWe+ajK2hg1wDutssdHvknDscHAtX0/qbD6f7poRMpNfsONRJOIz +CCLuaQfGEKI/Q2c8C0i20ZKZIt7+2ijpErqn1lR2xDxWp8nkKBj9iYrrAkKIJ1lh +9b1fDevOgEqEKeU4kx3ZClDj63LssnMWq3UzOnT9bLipuQnAMAp01AE+AA6Jz4eq +GfV7xA1PsfFAWVRnKKrKGHV9ltRNmeOxhLznZYDq9t0wzs8UZ7UnCV+DpYyHYo9a +ItV1AgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0 +dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl +LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ +YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIHBr +aW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFGo2BI7FwyzJ +F7pSZtOrDcPyJRrNMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG +A1UdEQRUMFKBH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB +BAGCNxQCA6AhDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD +AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEATVuqKLbgpGFj7Ql6Diuy +yYNz9SgXK9VOx3sBmV25xZOzpeJkM5Y4VcSkhJrR3EBW7NqnpTt8kceNA0REnaUK +nt5qncKASZPbTXT6PP1U3pmc+IJjul6Bnk2uoqEJ3YFaPoExi/+FMq4wnhrWBNkc +vaUOgymG9L4PgZqE9EJCbSAYFu8hrFGzNL0PtSx+xSE993eVHo9FPvh5k6013c2X +lf62X4jnuDhUFSlhLxeRmXQMZppVXN0iGaGOwaUjRaSF8rKYOyyF2CqOnE1snp7v +gCQvV/OhHwnERE0R0oSHKlfwzJ44LDpo7gu+6Uhn/4crKQMlIo4AM/gqfBGRF0L8 +bNGUxvB/rcOXz5/Mpb4lM6/UxAYXp74Rv1FebrgmVh7V1s6FBWICYpJjSNnSC+T5 +LKJTT149MQdNW8RIvNXwZpj9hUUmS5hPoqwFoN/uTsmcLzzudJ1UgwPYQqG6V6HU +Q5OglOMMO8vr5gVzYBgygSUhVRSZK50OsnIxY3NalLIw5xYWTDNoy+aHqiDGnPEm +O/V2epsH99nAbFAE1hQGN+X8WBjVp8gpVp48/QOW6E4afm7jyarmP10azYbzF4I7 +/0yOa9IRhM42zMj+MYBDI/r+PIxXoKEeuQjBA6+PO2vLEuRqMZSGehfFn4C8vOBC +e1pX77fTDF+YcapOz7THJTOWVHvKkHlv+PDD553n0GdNeyB7ndCRT6ujopn6mnQ3 +M2QMv7aUP2JfpXYeYFTmvzoRW/C6YhIum5miN59MueiO0oEfDyYjO5o7aXAJ5K4F +ZQQ+VQZDH177LeYDtsTKR2bw0yugeehFpN+PMf1+Z8pQ4LCZnSxqFvA5Adp/12YV +0Zk713yKv7fUsdP74vx1gkf8lkJXzkrVEgeZW64awpjx+j2nGYh1yPqBYB8ZIQwl +hKHDiDCngNqFheFCmHY3q0h1YC0d+QVuBOIrzjd1FycNhxHWK/o3v7fj0pa52JIY +SgBFbZ3GINBrLO0zBgjXD1ZEXmifnyD8V6gnaMn19S5NCzypLpIr04ipGCckDzOQ +I7NBmVvsve+6W0q2qWy1pdRHHpznMgxymOeMpKpyjyuQXy0jv5lidUcvmnleS4qM +8ijfMFlrYkVLtuU5q3fwUUu3b0IKgafAyYrGCSroNTZTyVuT3KUeF7HMtBO1u7Df +uM1oihAYjN4HMzFoa/Rq3NAXEMQt7GZRwwGzKvAOucJNfI3Yq8B2ecrm/6Q22sGN +LhN9FSFyhq1LG3NPRi/6Hq7oj915bEZXCgXvEQSuoMUThmqjzJy3gO8YX2f3Q+/i +lE+FBi/RepcH7Yl9qh7gz1JjuSiVqm3K8iDC8weDxfSi7iBhiDQSYgVnjfKDJQua +iQ== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-crlnumber.txt b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-crlnumber.txt new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-crlnumber.txt @@ -0,0 +1 @@ +01 diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-crlnumber.txt.old b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-crlnumber.txt.old new file mode 100644 index 0000000..4daddb7 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-crlnumber.txt.old @@ -0,0 +1 @@ +00 diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt new file mode 100644 index 0000000..53eb2a5 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt @@ -0,0 +1,9 @@ +V 360311232844Z 00 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=localdc.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com +V 360311232904Z 01 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@samba.example.com/emailAddress=administrator@samba.example.com +V 360311232925Z 02 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=addc.addom.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com +V 360311232941Z 03 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@addom.samba.example.com/emailAddress=administrator@addom.samba.example.com +V 360529193029Z 04 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@samba.example.com/emailAddress=pkinit@samba.example.com +V 360529193047Z 05 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@addom.samba.example.com/emailAddress=pkinit@addom.samba.example.com +V 400223133028Z 06 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com +V 400223133101Z 07 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com +V 400223133130Z 08 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@addom2.samba.example.com/emailAddress=pkinit@addom2.samba.example.com diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.attr b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.attr.old b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.old b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.old new file mode 100644 index 0000000..28644e4 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.old @@ -0,0 +1,8 @@ +V 360311232844Z 00 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=localdc.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com +V 360311232904Z 01 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@samba.example.com/emailAddress=administrator@samba.example.com +V 360311232925Z 02 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=addc.addom.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com +V 360311232941Z 03 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@addom.samba.example.com/emailAddress=administrator@addom.samba.example.com +V 360529193029Z 04 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@samba.example.com/emailAddress=pkinit@samba.example.com +V 360529193047Z 05 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=pkinit@addom.samba.example.com/emailAddress=pkinit@addom.samba.example.com +V 400223133028Z 06 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Domain Controllers/CN=addcsmb1.addom2.samba.example.com/emailAddress=ca-samba.example.com@samba.example.com +V 400223133101Z 07 unknown /C=US/ST=SambaState/O=SambaSelfTesting/OU=Users/CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-openssl.cnf new file mode 100644 index 0000000..17a5571 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-openssl.cnf @@ -0,0 +1,203 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 1 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 8192 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = CA Administration + +commonName = Common Name (eg, YOUR name) +commonName_default = CA of samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = ca-samba.example.com@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ template_x509_extensions ] + diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-private-key.pem new file mode 100644 index 0000000..930b870 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-private-key.pem @@ -0,0 +1,102 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIISljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI8gnWGjK+GVYCAggA +MBQGCCqGSIb3DQMHBAjV6Im8e0V05wSCElCDz2WaJB4sMLy3WQI/JoMnq+DDjyNC +7+9th9jeu0Nzcax9NqQ2pKWav2eIwhjS61AM7Zw4+SIqV6mJmuv1IVohHgxAx+nN +1Poq6bAbgbxk0uwS4nSYXQWOA6xhmjLuZcQcl8bZ6c50Vvc1GLkKiJ7T2x0xr2qt +pkw86WzbBtrUDbg5IHR3AsgTpyg1Lhs/E1ZCJ3Kd5qXpJwoejvjMCeCqroEzEfo0 +TzIRQS3R/hbnsAzwP03p4HyNs7rY8qGY0K+xv6fTHHiiw+0KbJK0w8KLi7ru0pp8 +YPTTSWBLd96ws0nlhY0aVQzDhlbXSXtqMSQNgZYln7CcH2R8dycwcjDhX0JsPAql +tIzvkl2goYU7jNI5QnpGPA9VH2U2ipMaEhiaY4yfDolnRaueo3YdmigFz7I4Tanx +kB3BaF0WrUkIk9oXXH2yIbRm6UAgYhGvNkTcifu6Iv+xfxn2JPulNGWcsJlVsRof +Hrdy3ZzcDp3bYDoA7gVWQgQKoz3ngIhrgH98zSiNCpKvjWXYx+oWYKHtxVFtFwij +Pc6+AUdTTjVfQsfNBkE9B2sjmvif6lnKWaMS349zodVCjWQrjsUITJV9Hbqv/8lw +GrCTFS4R1Wt+ABQDZXZDj4qXQ3Y8NhNI4Z/rkGN9rdaNJuDoyDYzm0tGvoRBP2uV +GJrAWKt6amx0oSI18L1cqm2hoY7wiZSYFqdXbZm5fbhoELfeak0tMPkHEXx1HtCu +cVQjcbHTakHcc1cW5TFRlmWZwar4RC//6YO5PENhMacPuW1ld0qF5AbwH303Gw1/ +k4+sYBe0IxiFQWnIFyfCoZI9swTojuUU/p+wxHjwCoxLoiYDN8EOCkHvgcgu7ddQ +WVHpWyhcNeKcYH71PvyPXjJufbaBouMHrGAodAQXYuRZCwpXvfRG6rqs3yPYkFYn +dBRdUKDIj2KBLg5n2ssy7ENpRcygUwfgK4H7Qn1yHmDMuq9VjgWNSn1ufCQa+M2L +CAOMrzX6uRuzw04K2vvv9xhC/Vrr+ISbOL9CDJyvyD4Xzk09JXV9CL8zTDzlJf6s +DnGhd4F/ejKn8MiOTOYuKugqoFDIw0D3WtbiAHYkXyB1Q13JXjc+N5E74xtGPVUW +IezrC9yEnQWrrtCBFbAtAKehphfZrvseAB4tBSyToio9wXBVKupa/ghoKEuBIQtE +OAsBY5Vd8JwZyaLFLBzkPfDqZE6mNSQuSm/x4HjciToQBYicNoGApRH0qneHXdUU +YUA5QeRp/HRL+yawNPq47HgvmbJh1cpyOsBOGjwqo0Tf0Q6WcqhrZmceHJbpxFeR +ySDEsuqdSp0prk5CCJ6HO3gsrE6DFLmLNNkZACycIndKO/I98ORY4dmR+zGUoMTS +Y5Gqpxhuh2LleiquFv3c/mrXVRA4Vl6F43H8isv+7/avhoSkBdoVi17wCR3pdk9F +naPHRqv6O+VT82S8BqYLR0xk3or+0wzFuaGkh6zPjlYr+DGrTr9qSW34+hJAUsSh +pcmePlS4A08sM2aZ/z4NSBzGrtSAI0KaeZOZMEyHL7MwZGHvQYz4WbekZJMZR33L +51ia/VkA2rMw6fgV/HYA3Zwd3NSTQ9jvwP8oAYmjrIbkApQTZQdbGQIh+8kcA4QE +3seLJAQQ3/reJvkc4jzwbF+A6K53iu23s/FhP89fK93xz+2zxt4bfMb0RQYWSb4u +aMsTHMC+Aenx93KrVYHvBi/O3PRxPUZQaPPQ+GQVerpmqhnrAtPh8xMjtxRpF3mI +Hff9RJTCi9jAQWDYAuuWNo1nFi4q6tQU8vCX2T5o+AsvwIrRDxz9E3ELqwPD1Zl8 +YRSBVgQPpy9xS/eHCgBOa7Lch2/gmew0pE6JgHmGSAZbZGVa7QxIsWvrgvNwuDmQ +pV9xVWttK5dup1un9Z9fiuozO+Iu6a8x0ECCxsUEO2C9bh+Qt1EzjirVy+1WWnKc +fW2XrFHwQMqIMTjM8JOuWgL2R+YjhFFge0h8CGiXk4f6mnuuGfHhP858Mmxuw0rZ +bdwwyBq1eiXPrkxm88yo8FYmLXCQExlyFsLbFZ+kJVhZbxeP9siedP14Tgqy2FC0 +2A+tcmypVLu5Vthu66I3wUvmgi9hucwe/s8qCRQwYciN1wzHH6f+uDz//kQIgA75 +AuNAHJYV3uWCKUESpnDL/9W2O6FvWY/j24QG0AkXsl+peovo8CucGUZxphLfsua6 +4x2WrTLehObG+G54CHdOLTrFQDIDRL9Kvmrw8/TGkXEles+WNnB8HxiUQKokA3ld +fhXy+e/yjaGzwoNY84CV1WXowWJ2vA1Z9gdr1mFpl2uJm1s+RRquuyRI/yXBvGQ4 +x0pPSe8vbQ2OlCzuVMjFpG4dx4oqBwXUR69YigpsVi1A3n23qAPUSjJBflgPLWdG +x/T+NiQ9TVhFKHqkgiL7e5s5VWaYREXjfDeiVowst/7vJdX3RugJTlVfnmPJ/pJZ +JnObpWxm7jmJu72fek0bmNaOMvMf4YVB5G/z2gQ0bpwSbl91kxJvTJ6DG9Kb10h9 +ekfffdFdiZHD5V7BUibmt3aYAZSPRG3Scurrv/kKzkH1/cEMnMDb2ppxsfT+LrLu +92P/7sCxqGJtk6JNiV9MhY3c9gBHsWTIbcJG/wZHzXhwZphoPyFf21I3x11jzQ86 +D3WTC4UQ8ez+PgMvl1ifP0wC0e7ANs8GsDZg9GEI+tBxx4GsAP1dcpr8c+v/wEDF +/a2fXqtymxWUDc4qCcrE5Az/U7k4tMSIvOiH/QVBsYOybcuvHd4E+Yrx7bXapk0V +KIgFQm8kVftR32h7KDx55Vcv5a11dEp4TUF1k1MH36GVxMzfqQnnTnwDs67Q2FCs +YAGt9jF0imAU3KZUwHbJvPYpjNEV9g3pkd4shyB7ZqNXjOFG+rU7F6xOVcf33lBu +yP653eMJjLR7hKrQ1UiWhgosc9zSUhl+Er6EqV0OoNtXzDI0uHsCzJ4BuLeKzOga +wXS8JjzHR9Qb+Nf0OljkNgmfCUBk7BDGuvt6ZQwP4pift9+YKJQ9dTLz0QZxeEoA +Ky9BOkhF4Q9cYACZiSnZGWq5Y+5I+zIPr1LxGfu8gOqhkvne5wAHmC97YbSXaHXI +rHvFhAzbwdsX2Crgvgd+feIP3LU5T7YhGW3nZMbigaDsBOTUQQW0f8tXygc1QjzT +dV/mbpoIDz/39PIYKC0BlQQ2S3clfr8SoRWR0bKEypPd7CZXAH4zAdPjKJih3yV/ +SqWxvMKuZFpSu3BJTcrXvN7nvKBzW17VGI0eSE9+SwrsMHZVUjXUolarSYczdC6v +QKkNV7+Uu04GCNivnE6sYs3M0n5ZSvvBha1/8kUDIi1k6QhvtEauA3WuoMp8/iU2 +mlvT5Kev96glUo1SdCQRLZFh1HXtvKgYiqEZ8FVW3kHMrvDF3Nxh4XDGvuQ6nO8O +w8TfE56kZVot8KTcYkOBDiyVX/qGLYNNvW2WHm+zygHKVQRkxnL5Y1/GOU10Wr2i +7ynFFYyjHwj5vkKsqLytQmuIxig2L8eW2WSx74WyWJPLbeHUSVweHjO9DTh9TgUZ +QEqPRuhTJMXq6VYpMWq9CUYAF/nal1vTab3Q7BbKcDFma89d4m+yv6FTnOnswS5q +r22NvQwl+09grdVYaL14a+BtkkCYH+SL30B54Vws5W7JS+34OSkMzDZtwwuGUqC3 +P61oG3jsGyJt6knWTgnp83GHKo1jsrP6IooatP4BaPf7PmKcftPuzies10G7MGHm +h7gAAYVrAW9lDvKKYc7UC/rgf4kJpkqcM6d3eU+9+ccVfmCIbHN4dEE/+VGKMHAA +qKQS9j5dyoCZH14PXAotyHCmvst08pkKG9Oj7VPG/+rX6tBD3y1LOlMbMKet9Owy +WA0yTBYXHxr22zcJD6k/7AgkBKbdkJPMR+X9IyINQojpvXJZIKZkVhoSCa4d9DYF +2xLKo3W3Mqoi3U7sQ42mQsdaozlql+CBYqd3wq1bkGyyqZ4zgm+D9VI+mZ6hZGt/ +77Qlp2j8JeCdsPDy+igzCpz6fkVaQum5fZlg1II5uYR+4EOvn33LbCT+kcqp+YC8 +m32umo2Eg1In2xgfqCpPTEDIjLSxgvC+NtJ/CmGVo6gYebyFLXZlnDbzAhxaOIDO +p59Tm9K3+wL31FnQOlXtkO9VihN9k5W1qR/MjPH3LaWCFSgMjed3LlOPEFBYmzeV +oz1oBZcJGVA0aEMA/Oh8hqMjVjz3vaIQfCuJ6eTLob7RDfmnhVaCPHMT9sJDCqKU +j4r1P0SRj+SRt+tO3kPD3dz8ejXRUb/lTLTSx3fQK0sB7XWu/LJpP3jGgoES6W/t +Fj6Eai8LXjqr+1rMnc0NKCLlWZakYp8snikOI5b/+t4WsOwhKVFiMbMdtkf5u7J8 +yKLPpkUS/YBxk4Uhv7srkITCzGpE9keV9umQImwPKAtb25DcAXPp5IXuJViHtu6Y +rKYYlmWgjobgCDvP7NFGKv+7hszZpWmSg/AS13QtPUZ9Fn9mM/Af8Swu5pp2HGUp +Zme8CjltYjtAk5ChNL+9C5AlVEZoD0x1ag16Gp09ODzEjQ0JebojJuw1X4+q3syD +BodCMFhwiO2nsnHrr5PALdoAy4YYmQop31HwjhsDShCuSc+8kWnvWRlzyVSI8/vV +jD8TV68QBeKyU8PDhC2Bmogy/xVYAJthgfK9LYD619Xz8+0h0cTFSwK/WAO4C38l +WV9SASyAj0O+JMUWheq/Qh4gP2NRDL2fyMFpf8uflwTjmg3Mu39oqcI3SQYk6ViI +Mq+ClfbU1hYZrakAN8pt8HUM1XbXJRDXnE3hmrTiU+jdNucuunHDjkf9ZaRNgBWW +yV309Ua9O91EEG0iGjkQ9Sy3ChscBolfvMpayzGtQRFDYWDX6UZnV5zI4ir21ikQ +A04zphPlCdOWelU8Qs8GuYX8HeXCzc1hUKffARtY2DQqiQ6lmh4YXHM0ILK/kDYo +ftmcBWpAZEntVRlnrCbPz29cwltn6DHQC6HWKGQyRxafp8fINUOINNMui+W4UR5f +tNn9IederuOpDvgYDMAzEt59BT8QgRggJl+hlXjRxOXANLTOHWqWKejk8+LAAH3+ +DjBFTX84cfrbbLgrK57E9afEN84KM2EJCCGFXYvc5qBPgrS9oYQwIErvpy89k8fW +bR7pU41CrHYZG2am774H80FCfofzzAFoJ2pZdPF2Lo95cLxNENy8RjYfePJR2tcf +vlqNynUvBjabCW6XhtmRK8/fsakfqfaQkZfpHqtA+qAweLh1bcirz3rBeNvwsO3G +JBxUgNkMel2F78Lg/EfMQL/hxeajDV+LilJkeZeRbHNL18M8dzzJaZkBm2oGylc5 +AS5r4r1EvSINjf1uXDA9CMBNydf6n62VPnDKrk1WK2R+pzFeeVvRayx7PVWacP3N +JnKPY+t2eIq5JlNCfIHcL8MDHaau4ck/f2lnUJm1OfqhdfAf6wsf+XuEhfkzqsV/ +gRjrumWsuMs7B15eIZNoyP+x9XPfTXvKXtNpWaUbq2iC/rxgMzqzDN0XvHSr8eTL +I5sg9nlAiezZYcDsGcjpK5EUY3/3zmZtO+OvXg2kA0dQx8QWg51B8MI/f9EprAAp +O4ypSjvH+Hthnq4Cr1dXtJzOJru3wz0N37Hy/EhMrDYP3XJUjkYJqTrxM8dsT7TD +RwvRjbJaZYi1mmIakXbHAhEAcIg/Z7hueIYHrOzYaW6akPdxy0yS252mZ83KtUC9 +oxNzYQdMi43bxbWgcTu5RxGPZ99IYUdKziBJiJlOpWFSzPwKcD0bkHeDAbWZ4Aex +msyzLubI3nPnuszVWgG8cUP1w1HbCC5KAWIOSoRYS6SzcirAZAXuqvoBGGSCiKdJ +kMIXRjSHgTfNPE0zSkuoYognqtPBQB+tCmEYUwmIidzp7iVe3muLJj1qHRcUNx1g +XzbpRMOGRUSgMJJlcba5BRNmFnSEjgnFx+v/NEiMhjacOiDDypi58eYPvgLZ0v8I +UlI0napiKxX1XS9XZE7SI8xXn5zte2de36xAfZTm1gMEYG/sOUndKUUrmsG4ag+u +ttyW6veD/LMXzYX/vP6zBe8l2RkZp15xMPMSTovij4ELLOAsWmAB8MAQ7p2TThOa +gmFx0AnWZ55GAXcM6/2dK54ZQjm12KgRz2uZD6RpHgxDlErzHBVY8VFWPHx4b60M ++BVqk94uAsprvWczcuowZwF41MsJ7wm3a1Jtd104mx1/0GokF6EG+NjpSFvHiDN8 +JVlZ24lBIBv/7Q== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt new file mode 100644 index 0000000..86397e5 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt @@ -0,0 +1 @@ +09 diff --git a/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt.old b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt.old new file mode 100644 index 0000000..adb9de8 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt.old @@ -0,0 +1 @@ +08 diff --git a/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-cert.cer b/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-cert.cer Binary files differnew file mode 100644 index 0000000..417a22d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-cert.pem new file mode 100644 index 0000000..d6a1577 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-cert.pem @@ -0,0 +1,62 @@ +-----BEGIN CERTIFICATE----- +MIILPDCCBySgAwIBAgIJAM6BrnFPnFmXMA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKU2FtYmFTdGF0ZTESMBAGA1UEBwwJU2FtYmFDaXR5 +MRkwFwYDVQQKDBBTYW1iYVNlbGZUZXN0aW5nMRowGAYDVQQLDBFDQSBBZG1pbmlz +dHJhdGlvbjEgMB4GA1UEAwwXQ0Egb2Ygc2FtYmEuZXhhbXBsZS5jb20xNTAzBgkq +hkiG9w0BCQEWJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29t +MB4XDTE2MDMxNjIzMjgzMVoXDTM2MDMxMTIzMjgzMVowgcYxCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApTYW1iYVN0YXRlMRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNV +BAoMEFNhbWJhU2VsZlRlc3RpbmcxGjAYBgNVBAsMEUNBIEFkbWluaXN0cmF0aW9u +MSAwHgYDVQQDDBdDQSBvZiBzYW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJ +ARYmY2Etc2FtYmEuZXhhbXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wggQiMA0G +CSqGSIb3DQEBAQUAA4IEDwAwggQKAoIEAQC3qPlXMRW0bS5QonEW4MMRiZlgWRc3 +DLtA1hSg0a0POKXIBTTb26kVWwJkdLdLPf9POdAWa+PtEDcgiTKeNeh3hdCaKQiR +LGtmR2Ncy5jcLyAaJPHL3ZrYCzKPyfhVLtZqrS+5CmJRs1Ar1zEpRPIcT0Qdb6Jp +gu43msIQnULTZPatF4Oi847jb/JIXnTYxto7cuk1I/2VFJ8OD2cYypNbCkthwAga +ftJ0GNsM2Ii0q5aFnrHpCh/UhvQ1XGZfGVgBRrFjQQ75GlSCFXuwLLiyXwpj6c/p +QPTQuWLe+21rnizpxmXBvP6d2LaX2Vsq/XP9iVN/jVigY4swgk61Z6XFkmsVJErB ++JEOrjdcO0kkkqlSY0aqqpoXgtV8lNxTeKrNllRmW/i/Wz174PPdvR6QQFMG0X/W +NOtqwBGZqiafHlu1xrtC/RnzC2S3ygKssP9463bO8IDvhv2I3QnbsuQdKhQSE5rr +VDJcSI1DHe+tGsko4QA2RBFvgO8+877K9qnBXpnVdYrnEk4UlZVk8L7TIngbA7RR +bZ7j1mE28PIzcGN2ps1IY80CbO6V+60YegT2F7smjRAS9YJyfqM0fs4yoRuT5Day +BHN9asy//gEVfebXytzfvZvh0Y+XTlxsXbZ24IsaW1IhsLNvny9BX2Ygrv5wnf7i +zvEGf4rnO4v+d4mn2HrkkYLfIJe/iQAY3c8uABbEZgzrTHqC+oyRE4MQUtjQR+10 +8IOvbVeU716Q3SxyiGlq0Dici84J2izArVuZBGVoS2pytwbNFU7eL5SeirL1Xy/E +3siV+y6Oxr3sigrAmMQbzr0YQT7yDjVaP61ct8krc5N4Z95SciIlvmEIzKkV8kql +Uiom+XWP8aRnZmiuvfGnvEyB67MmggEkG1LGIhsp+ZsnTfo4nU716Djlq5pOZHY2 +VTiOLET7Omo/a+RmHwrog4hRm2BYifyt3RGmzoWF77klbow13ov0UrsTF7Sw6Uft +EnaklsZU9cfFyNLsDjEwRTWQ4QMdq3dI6WSOYN9EWFtxLGY8FypH2QkTOOPsqgXY +/SxZUBqa3r+MrGRJ2NCF6kr1/yanLicVzNSR4tymEFDfF2FJVOtQqbO370JGIrJE +3kq89zUUMH9xNP6IJu+N11Xe63028KlJomWq6my8AUk7a0sk8z75FIa5PvUSYhQ8 +gbTYXM2AyYLTYxkLt+OzLLyvQI1l6KX3PWLaa94lqxkjGQWIt/ViL1OTineiTbYJ +YR2SB4R3S3Y6N3AAT6l7D1/lxThrqzmWAAkbElBTZZrXGybjL3I9q8lzVt98X9HY +LrVClydpw42drOIX5PQ68+s8lYNBA1/uYim3IgTjDPIqsNIkBOjreYnPAgMBAAGj +ggEpMIIBJTAdBgNVHQ4EFgQUoj4CKqOnTTm0CE2ZzAx1Nuonwz4wHwYDVR0jBBgw +FoAUoj4CKqOnTTm0CE2ZzAx1Nuonwz4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC +AQYwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNv +bS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwEQYJYIZIAYb4QgEB +BAQDAgEGMDEGA1UdEQQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4 +YW1wbGUuY29tMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJh +LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IEAQCa8zKgFnArq4GM+OJfiK95 +fYuTgbO+PaH19GWCyNkNCrtasxt6BIdxKYW+rC6VxXBRXSvaPLbiRCDhD9hL03IR +daQ+R9JanYzoloN7m5q+mSdJpfsIfdlvqKr4hyti6sfC3jnQC1Tp696KrW1P1Ymi +kOOxksmngZzTYr2q+JhydYsNAdpxeAIAILDZI0F4VzOVPXRy2+Gop+lwWYvtRjjn +Z8HemYJ8jIGUlldMVInd5+XmS4/+kFLB6Ly+JAoqC9PBUfWiwXIFIPOIM5ia4sNH +ZeViTG5Kw7MO/esPs7J8VKB6La4v+CYCT4ngT0ekRLXhRi/Dwa8Ok+hFmRtrikvU +TEqZPOQT3sRqGdlongAZ1kmCkU4n4RhwbMh6WitDKJf7YToMsyrm6LQvGo4Bf1Ns +mqnY93OSTyOblNGYwq45BMQbGhW21uW93SQg938ojuw4366KeGnHCD3zvyfWh6Yh +duAWNQb8TNDqhik0lLNVMyrEPpk0f24XrVC2LBia3Z4hQvep/pI8tg1656XbI6/J +GubM9KW6o0ndZLnMzFFga3JqztzL/Ooqu+yVaA9q89GlN2zv3hafXaC/AChG1b8k +Esx37mA68jVaTh/1hX8T2hz14EV3LUB2N21W228HuUhZ33PEcR10XMJNJsOOwHUn +5I902kznpUs3VTVvbWBsEfhZAD9uns07Z5b0b8UN3fZyNmXeE7gObt10obSFzoPt +yhnTCULNJ0K3cwuQDAC4Y6HQK5hvLBazdvnYT5rZqGneG9ALdQqr9if2gZFeUPQv +a63VZFwfyx5wQlFwLVbaH3tTl1dweJkZYjUC3BL1rngHNNvD1t//ERXqL2ngOe4C +1xNNOBAC2Q4upBYAuH+zoT8KMRCxEh22SPNGrlmN+9MwY+ceP1Dxa97vY9FtSMIB +dYEvoI8TyFhAjC6t4HOUxT4lvpc7Hma+1AlG5x/aSCY2A9ONdLLo5DyXSuLFHgtc +gh0dJygZ85sd90k8hl+73muHHofG6HuzMNaQhN8sFoaiedhIHa5+Lv6FVyd7Y0dy +QVHiPVcf5KG3o0y6OnXdfsGNUsak01fqQhIewVghdTU9liGW8PH1UVWO310q1K46 +U46Hp/JBamvvW5B2ZSg8Dj4arS7/TxxNqbIPAtNxtN7Hwg1dubGWMatCv2A8Cx29 +oWIeUG2HKY4XvbdOnpWvCGx+sUqBiK6Sf5zvJF+UigmZPKrZgbrFWSC1tf0RYn9d +IyH4JGo4uP5OCxBWFvtj2d51qJJvdnlegKkPd9E0vzIZRHJsSoAx54MmqRZQkPzV +56iQXA4iTfhv2sF7Uer379OV//ML5xIjsV+IkJepTUtAgimqkKKRktCPfFT6mOtw +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-crl.crl b/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-crl.crl Binary files differnew file mode 100644 index 0000000..27cfe39 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-crl.crl diff --git a/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-crl.pem b/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-crl.pem new file mode 100644 index 0000000..73b10cb --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-crl.pem @@ -0,0 +1,32 @@ +-----BEGIN X509 CRL----- +MIIFdTCCAV0CAQEwDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApTYW1iYVN0YXRlMRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNh +bWJhU2VsZlRlc3RpbmcxGjAYBgNVBAsMEUNBIEFkbWluaXN0cmF0aW9uMSAwHgYD +VQQDDBdDQSBvZiBzYW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJARYmY2Et +c2FtYmEuZXhhbXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20XDTE2MDMxNjIzMjgz +NFoXDTM2MDMxMTIzMjgzNFqgYjBgMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4YW1w +bGUuY29tQHNhbWJhLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhN +mcwMdTbqJ8M+MAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IEAQA13bwPRi4+ +CaG7MSTVA4Z4JZIU1CQagBJCah0XPXl+xIs/aWCxS3jdFnCUNLOxrKk5Onrsv0z7 +YWQJHsH2Lu0I38SPyWhftmhrqn74QQyfbGMGblDufbfJsHNyeME2z0ZtCoHUgaz2 +kMatR7ys6uvOY4Moghr/xNK2QYSzCFsetF/5ua2h547GK+VMqb4wH14WIx0ljVO0 +knpqT+uX5b+3KX2QcUFDIzRJZWBj0gDWzNxL5PSbZbcxtpUpUIgbFHD8HGRAu3R3 +MCJE3mKuKyaRKqLaF/qOWnskkHnIV3gObeKIgWFNLiyQKUAvu0m3QO7b5zqUeOep +JMy/3dwixIoDU5QU1O7TAvJQhVscjt0baQaklqlI7jKwdd1xk6brIXKqLa55ALd2 +RIs7I01X/ZyukrY+NbvQOGh/Weqnxe2IM91DkVQGYNxaa52Fqlrop3U4qdZRgtuL +Ye8RP3IPcVEoH/t/fW6IBTEN1uG9vVvyUUW2H4lI44yeNt2Pd+6qXXFyKZ9pfctx +7zCOdo9/ikSzCddLFKL6bgJ4vxNuSt+4csq79BytK+69SrsGP/R87154uqA8nMPm +TXpFhL3YBqOklphc1JVCccTp/824vkrgrEOSB7uIZOtdTpTuRabo6R5yv2pjC5GR +om3sI8c7xKeUUsfxDF2jt4vJHlKgYEx8YgbAdKq3As0fkpsY0IcMSNR1KMq8H4ia +0eNWy1YmkvcZzZTL1GBtL1XNPHkvmuBHV2rglBg7PAklr/9WX7IM6AZh2WKP0Spe +ih1C7YlVzCgQgOaGEe28jegtgkr3I84j34GJmK5WO5fa7/au8wzUDEyGTJE1wZxv +k1s4TKiNuCSiH26qVUKfwpzrqhiW/ElAeKsXxjg/V7anhPbQsd+sz4RNFi9RldlY +tdXkPmKBTvupJkVa3ZUxl8gyXNW8t8bSpW2kYFOorxnEkvhwIxMhwSC9pyEyNFXa +sxsMZ/BcvFBcJYORhxMYVNksCriyWRuYsNORC8s9wnygbQ2n3TuoloZ9rR8mc6XK +3EgLwhOyENWToRurBdN7Vq6BuNtnl5P/Rd2WBTy62EcXkrnJCCUK4ouP3o0MRt/V +LdQiCVf9nnHdkiWMQMH4pkgrEJb70IvS/MAAee3SFuMNa72zgD9Pgk4NX6upqt8s +3+wo0gqmg1gJ9RQUyk/TuYMgdBVg68B6G1C8RifxffhZMj/rOm1xdXXwRfmDyrHZ +aaNZv3VHTEIJjSCHMkDV7SD9d36gdX0F1lLP5HIu0QTWJeyE/fFTD+hQMY5Ryk+c +nzW2ZYuTp14xWD3NTQzq/NS+BPpOcAtL3hSpyvP4UkIFGZc7OUPPBBwR2xTVLQfZ +YqKrAHJKgPXZ +-----END X509 CRL----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-cert.cer Binary files differnew file mode 100644 index 0000000..9119678 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-cert.pem new file mode 100644 index 0000000..7486a63 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-cert.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:29:41 2016 GMT + Not After : Mar 11 23:29:41 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom.samba.example.com/emailAddress=administrator@addom.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:91:64:f2:1b:2b:ed:9b:40:bc:0d:46:23:49: + 77:32:74:fe:cb:9a:46:86:33:1e:56:bd:c8:da:dd: + e6:2a:07:34:61:1c:f0:b8:71:29:24:2b:90:f3:43: + 99:6f:69:f6:ff:8d:b9:b7:3f:f3:36:6a:99:90:90: + d6:95:63:4e:88:5a:d7:41:89:7f:73:13:64:49:c7: + de:42:65:08:5d:ca:04:b2:68:3a:40:7f:6a:05:df: + 56:30:2f:ac:1b:8b:0f:c3:15:3c:38:0f:90:50:44: + 00:bb:59:40:f6:d2:e8:5b:73:03:0d:f6:7d:38:5d: + 2f:99:c3:0d:13:0f:74:d0:9e:ef:1e:92:42:c4:46: + 7c:dc:85:7e:e9:af:91:4e:9d:5f:82:af:58:60:18: + a5:ac:91:6e:dd:cf:a7:32:3c:d2:f4:e9:81:be:80: + 9e:0c:ca:1f:1a:be:98:c4:fe:e6:25:c1:89:fe:16: + 0a:30:90:d3:d4:e5:af:89:24:64:12:d0:4f:19:e2: + 1b:86:fb:06:a9:63:d1:47:10:89:dc:2b:52:24:dc: + 66:a9:56:c2:cb:f4:ec:35:12:f4:ad:5e:fc:ff:86: + e9:b1:f9:1f:b3:ce:44:fb:be:04:af:8d:42:9b:56: + a5:02:7f:c5:cf:5f:23:41:1c:69:ee:33:97:7a:81: + 50:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@addom.samba.example.com + X509v3 Subject Key Identifier: + 30:10:6E:1F:7E:52:33:8C:C8:85:E5:92:74:5D:76:7E:E9:33:5B:36 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@addom.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 53:3e:51:d2:5d:2c:69:23:5b:dd:05:1a:23:ff:39:5d:54:63: + e5:da:e1:4b:60:8c:09:7c:4e:8e:da:8a:bb:63:5d:bc:2d:a0: + d4:ce:9e:d2:ce:38:d7:32:67:ba:4a:a6:d1:1d:c4:c7:50:e8: + 9a:9e:44:56:1a:9c:f4:8f:b9:8e:39:84:21:db:0f:60:8a:60: + b4:0f:4f:3c:35:a0:d2:37:3d:88:e8:0a:18:a7:a7:2d:19:e3: + aa:d3:8e:18:8f:35:ef:3e:4a:95:c4:d3:9b:f4:cf:89:c2:70: + b9:8c:5c:ef:8a:9e:7a:56:73:13:eb:8b:b7:d9:e1:88:5b:c4: + 62:47:42:45:8d:7b:2d:cf:71:83:1b:48:9d:84:8f:65:66:97: + 61:fc:f6:30:34:e8:88:2a:34:91:48:dc:7a:b7:65:bc:9c:98: + 00:4c:e7:49:fe:4d:a9:56:ea:87:d6:6c:46:39:f2:98:5b:56: + 14:82:f2:9e:b8:ad:fd:89:36:48:87:4e:5c:ef:3f:e0:35:ff: + 72:5f:5b:e1:c2:fd:d9:6e:40:2b:35:ad:50:08:74:94:87:89: + c4:cd:c7:ab:a7:19:4e:ba:f2:1d:83:0f:b0:cf:9c:e6:df:73: + 36:88:cf:42:9c:a3:72:27:0f:f7:bf:5b:cc:6b:e5:20:03:b5: + 4a:1c:f3:7d:ae:92:43:aa:bb:13:07:a4:3a:77:3d:34:01:00: + f1:89:aa:e8:1b:09:7b:b8:b0:e1:54:03:ff:3d:8d:be:35:b9: + 13:b2:59:58:32:48:93:f8:e7:d7:3d:49:70:01:44:e6:2b:21: + b3:75:49:ae:44:7a:50:15:b8:65:f3:c3:48:96:df:c8:d9:2a: + f7:c5:2a:7e:2c:68:77:af:2d:78:1b:fc:1a:d8:f4:8b:a6:86: + 35:d2:f0:87:e9:d6:30:0a:76:65:f8:71:e9:80:0d:1f:16:86: + 89:92:81:34:d9:be:9b:41:25:ec:65:a9:0a:56:b2:03:91:54: + 02:21:97:99:74:61:8c:4a:2e:f4:d0:b1:8b:f1:e6:26:52:bc: + f6:f2:e0:bd:96:66:22:c3:4e:51:2f:c3:c4:65:65:c7:97:b5: + 1b:29:23:7a:c0:7b:fb:49:33:a0:a9:6a:b7:2f:f3:44:6b:5b: + 0c:2c:0d:75:f2:50:d5:82:ba:9a:ab:e0:89:0a:b6:b5:8a:5e: + 1a:67:ab:d9:a7:21:22:75:61:1e:d7:21:36:15:6a:da:a8:39: + 4d:95:50:2b:e6:ac:c4:f6:38:74:c9:c5:ac:ce:2f:b3:c8:d4: + ad:18:a7:93:d4:1a:be:c2:be:9e:39:e6:a7:b1:0e:93:d0:9e: + cf:b0:ac:53:7d:08:1f:9d:a5:98:2b:4e:f6:80:e4:df:ea:43: + a2:f9:64:bf:84:b2:ff:1c:93:36:60:74:08:4e:5b:d6:24:9a: + f8:ac:c7:81:f9:2a:a9:00:28:44:15:6a:31:b9:b5:08:89:c8: + 31:15:1e:8f:9d:2c:d0:e3:a8:32:2c:68:42:41:19:6c:43:8e: + 69:c0:44:01:ba:1c:c4:ea:f4:ff:c8:57:03:ba:df:3f:5e:a5: + 03:da:75:31:2e:07:67:a7:5c:02:55:c3:6f:8f:11:f5:8c:56: + a1:f7:4b:bb:46:d0:e5:ff:68:c1:77:3d:0d:35:12:f5:40:af: + cd:05:5c:53:74:ff:54:e0:c0:c6:10:5c:e8:33:06:0a:50:47: + 7e:71:3a:36:66:aa:f8:de:97:2a:ae:bf:8d:6d:d4:39:c4:fd: + b3:03:1d:a5:9c:47:39:8c:c0:b3:73:f8:3a:d6:34:ac:49:4f: + b3:87:74:11:20:8f:c0:aa:24:a7:30:20:0c:c0:d9:1c:44:ee: + ae:c8:b8:13:63:e5:f8:5e:8f:b0:5a:46:c5:83:3d:41:62:06: + e4:62:a6:0a:40:cc:8e:59:ad:8a:36:4e:20:e6:f2:32:04:6e: + ee:4e:7d:97:88:dc:ea:74:90:c4:ab:a8:b5:bc:6c:81:b1:64: + 77:a6:93:34:44:e4:60:38:b1:0c:2b:29:3a:4a:f7:17:d7:3a: + c8:42:7e:db:4d:5f:09:92:ae:6c:90:e1:7d:9f:96:9c:1a:82: + bd:45:02:76:29:62:e5:b9:14:53:01:53:c0:5a:d5:34:53:7a: + 25:49:3e:3d:db:19:7e:29:57:80:78:67:ea:21:3e:3d:59:36: + e0:8b:da:75:57:9b:c8:9d:a1:18:18:e2:5c:35:35:9e:62:2c: + f5:0f:c0:8f:55:16:a5:d4:9e:cd:0e:78:87:9d:53:d3:01:e1: + 18:61:36:1c:06:c3:3a:43:f3:8a:13:e6:4e:52:32:fd:46:21: + cd:62:18:1f:ae:f5:f2:1a:ea:7a:01:3b:a1:3f:1d:16:00:91: + 5e:94:78:f4:60:33:54:a9:fc:1c:0a:75:f9:17:aa:dd:12:91: + 66:4b:f0:d1:60:25:d4:06:d1:99:9c:c5:64:01:4b:ba:d9:66: + ba:9c:f7:68:75:fd:11:3a:eb:6e:fb:8f:a6:17:8a:cd:bc:1a: + 59:f9:a9:cd:33:db:7d:71:26:7d:c7:be:de:eb:2e:c0:7e:db: + 29:08:0e:82:63:1e:8c:8f:e6:21:1c:b1:49:13:9e:df:78:3b: + 68:01:17:0f:df:97:96:58:32:48:1e:5c:ff:fa:db:90:b5:05: + 84:68:fd:7c:c0:a5:35:d9:75:1e:ea:cc:25:25:3f:6e +-----BEGIN CERTIFICATE----- +MIIJGzCCBQOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI5NDFaFw0zNjAzMTEyMzI5NDFaMIGzMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxLjAsBgNVBAMMJWFkbWluaXN0cmF0b3JAYWRkb20uc2FtYmEuZXhh +bXBsZS5jb20xNDAyBgkqhkiG9w0BCQEWJWFkbWluaXN0cmF0b3JAYWRkb20uc2Ft +YmEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+ +kWTyGyvtm0C8DUYjSXcydP7LmkaGMx5Wvcja3eYqBzRhHPC4cSkkK5DzQ5lvafb/ +jbm3P/M2apmQkNaVY06IWtdBiX9zE2RJx95CZQhdygSyaDpAf2oF31YwL6wbiw/D +FTw4D5BQRAC7WUD20uhbcwMN9n04XS+Zww0TD3TQnu8ekkLERnzchX7pr5FOnV+C +r1hgGKWskW7dz6cyPNL06YG+gJ4Myh8avpjE/uYlwYn+FgowkNPU5a+JJGQS0E8Z +4huG+wapY9FHEIncK1Ik3GapVsLL9Ow1EvStXvz/humx+R+zzkT7vgSvjUKbVqUC +f8XPXyNBHGnuM5d6gVCLAgMBAAGjggIjMIICHzAJBgNVHRMEAjAAME8GA1UdHwRI +MEYwRKBCoECGPmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1z +YW1iYS5leGFtcGxlLmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNV +HQ8EBAMCBeAwVQYJYIZIAYb4QgENBEgWRlNtYXJ0IENhcmQgTG9naW4gQ2VydGlm +aWNhdGUgZm9yIGFkbWluaXN0cmF0b3JAYWRkb20uc2FtYmEuZXhhbXBsZS5jb20w +HQYDVR0OBBYEFDAQbh9+UjOMyIXlknRddn7pM1s2MB8GA1UdIwQYMBaAFKI+Aiqj +p005tAhNmcwMdTbqJ8M+MGcGA1UdEQRgMF6BJWFkbWluaXN0cmF0b3JAYWRkb20u +c2FtYmEuZXhhbXBsZS5jb22gNQYKKwYBBAGCNxQCA6AnDCVhZG1pbmlzdHJhdG9y +QGFkZG9tLnNhbWJhLmV4YW1wbGUuY29tMDEGA1UdEgQqMCiBJmNhLXNhbWJhLmV4 +YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0GCWCGSAGG+EIBBARAFj5odHRw +Oi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5j +b20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcDAgYKKwYBBAGCNxQCAjANBgkq +hkiG9w0BAQsFAAOCBAEAUz5R0l0saSNb3QUaI/85XVRj5drhS2CMCXxOjtqKu2Nd +vC2g1M6e0s441zJnukqm0R3Ex1Domp5EVhqc9I+5jjmEIdsPYIpgtA9PPDWg0jc9 +iOgKGKenLRnjqtOOGI817z5KlcTTm/TPicJwuYxc74qeelZzE+uLt9nhiFvEYkdC +RY17Lc9xgxtInYSPZWaXYfz2MDToiCo0kUjcerdlvJyYAEznSf5NqVbqh9ZsRjny +mFtWFILynrit/Yk2SIdOXO8/4DX/cl9b4cL92W5AKzWtUAh0lIeJxM3Hq6cZTrry +HYMPsM+c5t9zNojPQpyjcicP979bzGvlIAO1Shzzfa6SQ6q7EwekOnc9NAEA8Ymq +6BsJe7iw4VQD/z2NvjW5E7JZWDJIk/jn1z1JcAFE5ishs3VJrkR6UBW4ZfPDSJbf +yNkq98Uqfixod68teBv8Gtj0i6aGNdLwh+nWMAp2Zfhx6YANHxaGiZKBNNm+m0El +7GWpClayA5FUAiGXmXRhjEou9NCxi/HmJlK89vLgvZZmIsNOUS/DxGVlx5e1Gykj +esB7+0kzoKlqty/zRGtbDCwNdfJQ1YK6mqvgiQq2tYpeGmer2achInVhHtchNhVq +2qg5TZVQK+asxPY4dMnFrM4vs8jUrRink9QavsK+njnmp7EOk9Cez7CsU30IH52l +mCtO9oDk3+pDovlkv4Sy/xyTNmB0CE5b1iSa+KzHgfkqqQAoRBVqMbm1CInIMRUe +j50s0OOoMixoQkEZbEOOacBEAbocxOr0/8hXA7rfP16lA9p1MS4HZ6dcAlXDb48R +9YxWofdLu0bQ5f9owXc9DTUS9UCvzQVcU3T/VODAxhBc6DMGClBHfnE6Nmaq+N6X +Kq6/jW3UOcT9swMdpZxHOYzAs3P4OtY0rElPs4d0ESCPwKokpzAgDMDZHETursi4 +E2Pl+F6PsFpGxYM9QWIG5GKmCkDMjlmtijZOIObyMgRu7k59l4jc6nSQxKuotbxs +gbFkd6aTNETkYDixDCspOkr3F9c6yEJ+201fCZKubJDhfZ+WnBqCvUUCdili5bkU +UwFTwFrVNFN6JUk+PdsZfilXgHhn6iE+PVk24IvadVebyJ2hGBjiXDU1nmIs9Q/A +j1UWpdSezQ54h51T0wHhGGE2HAbDOkPzihPmTlIy/UYhzWIYH6718hrqegE7oT8d +FgCRXpR49GAzVKn8HAp1+Req3RKRZkvw0WAl1AbRmZzFZAFLutlmupz3aHX9ETrr +bvuPpheKzbwaWfmpzTPbfXEmfce+3usuwH7bKQgOgmMejI/mIRyxSROe33g7aAEX +D9+XllgySB5c//rbkLUFhGj9fMClNdl1HurMJSU/bg== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-key.pem new file mode 100644 index 0000000..0d33211 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI06+E0Qn55PYCAggA +MBQGCCqGSIb3DQMHBAgRIdE1BfEflgSCBMgjWcKNk0gmS+OepxYA2tMjMir2YwFb +ht/PFx0llj4Zt2U2TgvSFhm7JcsNPXqqqElIvEeNrY5BTB6Jbkd5pt1EpKcBlgHQ +cPtjslAxo5C5FgvLuzaFd1tRhHm7UWygTRcI+79zRmypOm0v57ZdS6Z218sJc0gk +re7tBT+lF+S5uCRAUmWBgdVjEFjW+1r0dhVJWYftB8JoE4zW+B0wEz6PIv0cTt7K +cnjHVMFKWPJStAbJ98RWchF0KWeu+cuWAWt/rJ2QrM+q1bBP4Mgn6XfRnKbcJofk +BG5v4oo8B/TSe3woBMtf2BheaeXDa96D7lxF7gELTkdodNfJd9s66GLSRKCk6amk +eJKO8fLZbXpiT0/TGeFvrihWa/ZpVG4I94KDn2a+U8Agq+B1WA6MqCt6txK6GFIN +okCRyRUYb6TFDI2JA+jeEX+0tStVGp+qNyk4PT4tZOG2BJ2dq5F6+KF0VzE8I7V0 +zIFWQvvwO8N+osvmJgQgxI6JOq0ubiHEEiSrd4lKVO7NJ223I9GXao/z+0l5ywYn +SL0LEsw2adblRDgzBnsLCqWEeC3Oczg790AaNkqWPolGKBEpOXlCPCjILJfG/7Ii +GGvuAQaXOOM3fnxb2oTOpFMn6BQDmX77hiCKGTB4VCgTIhwBOpwLDeDxjyUjCp2C +PPtped8Dne+kK9iGuHyu45sXrVtxfigfKh9+ncCsFVQfpmcYXDiUhn/RUP4qezco +jkKeC+S4lM9mG/KzWeDUtMlYkEqFA6yxs05VzpxR3h7sizV0YAE2evSxn3w4aYWY +GGKtVG4h30f7YbxI1N9+2iBTToAejF5gF5/WDPn8N+voohQCIQ6iAZ48vUDuQGme +mzi73xu774u7M/BnmgtTr1ZG9gvT+F6q6rnJFAqj3k8j+mv2w4XCqytZJ4OGTijo +j/s/eZDWmo4t/WXUMjePDzXl96hjBq4bZOpqNwKDLsqbVwQrhFzXTkGLhGQAyKb4 +wZywUkYfTdWa9f+A2NmWqry9Ef5KcOJTSHt6FeY5kwcY56iZT+cD4V2pgxTqQBGt +YUy/j0V35l41OTKZ6x5P3ZSk45w6RPY3/BqcnfvhSFxON3jFivg1DKIcB8WaWjss +40vP+TthOR2X4FQ/OHKwjs+tC6JpwDuSNCVwj9VBGSgjeXK/aV9BG1A0m4R7qxTV +aT4tjSSfPfkOf16hTW2ncHTr9rvY3XcYm8eC5E/IEQ7gxpG/JI0+xK2tel0bochs +aSBP+qGP85Sib3pcnepG6Zhkx4KgTvhbWRAfNS5rB1jLGSpeWQkMZmun91tTuVLK +fRyfQZ2gkr2ixX/zlPb1bhIXHUBgnoUyUHwZ2lNCDp/dm+nGYqXeeg9lZfD3dYpQ +Yd1zdR7Faj8aOsC9T4DRUDzgUIUCdvd2wdmnXF1YB43VgXjsAkfZkEVve1ltv4iG +OAtp0n9aUz+4yS4kBLWEQfNsK7Tz5zjN2BJmm5qQWARxVbR/shhYKqXuY9HbmB95 +sGc1d37pK+n4HvXqQ701zEuvtwyP/P4gg7HjBI2pauuKfT+eVK+xpTBx4W8imY7j +8IhJ4IBBUWzoMoADD132fVW7f3vpp1XGjvbq5fgDlU6beVsWS9KXBD2Wsl7FDkJ5 +49U= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-openssl.cnf new file mode 100644 index 0000000..da136b8 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = administrator@addom.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = administrator@addom.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for administrator@addom.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:administrator@addom.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-private-key.pem new file mode 100644 index 0000000..1510760 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvpFk8hsr7ZtAvA1GI0l3MnT+y5pGhjMeVr3I2t3mKgc0YRzw +uHEpJCuQ80OZb2n2/425tz/zNmqZkJDWlWNOiFrXQYl/cxNkScfeQmUIXcoEsmg6 +QH9qBd9WMC+sG4sPwxU8OA+QUEQAu1lA9tLoW3MDDfZ9OF0vmcMNEw900J7vHpJC +xEZ83IV+6a+RTp1fgq9YYBilrJFu3c+nMjzS9OmBvoCeDMofGr6YxP7mJcGJ/hYK +MJDT1OWviSRkEtBPGeIbhvsGqWPRRxCJ3CtSJNxmqVbCy/TsNRL0rV78/4bpsfkf +s85E+74Er41Cm1alAn/Fz18jQRxp7jOXeoFQiwIDAQABAoIBADkGUvmrrdJ1IcLk +CffnNPbxUYllifMAevSj5+WufwBWlZL10QawPgpnywEwWkqfn9zK8SbnyQSgk4FS +BhQ/2jEtVbpzxaKOy/TUDSs7BmziVdN5Iu1H81b8hNL4gPzg+P98bD+uUJXkM3/c +bnctl4A+A0z7VG84W1Ucq93nQyJl18E64i57JMb3tI+423FM3sJBk2FUj64Mwg8r +0p88gccSieB3GusffHazlJDKrlHdFyClLBnW3OQHegv42JOKZErIMHwlaV8fhF21 +GAARx/pDgnvIYUaGhLrf2pCyIkOZIdUedA84rLwAZT9akOtxpNCAxlVUn4xcpAC1 +EAKzGbECgYEA99Hzh3vDNGINYJjqsw01E71DelNTeUmBOuJKqdOG0YLHiG0tERcx +9KLv+7Uo/qtuRzpkMHao7+zC4spQBk1yYkjVtPkXhWdgVUOztkkza72jlwtVu0eK +VYfB7eubOMnSsPtVeYyyM6DFKBRUxo0VKsvvjD/84WdCGsgy+jDRDUkCgYEAxNur +XMStYOnxdebOGFs5U8jc+/HNNuaCpSkk98uQ0/VfWp8TXA508FYnT6/BcoH+3hHy +7W/7aMv//0IWgNQk8m1w33svDdq7jRJXrIpyb7QaX2OW8IfTfIMKVXOgxPvD/4IK +lvmvf8T7K0W7rDYdcfy9bsDb0RQcH0Z3cp4lUzMCgYEAmLjmX6RB1FJo9BLI8Lc+ +8n88ynH3i1NlNKioYqhc+VijJsxBbbrhqmWPh4tJTEjRmUu+2q8FxXYfVCxhzMCF +sVQ5f2HSwP/IOkOSyM+rxMYFvtvZZaTc94DGXp1H92NJWJBLSLEQUQjO97gv1nyz +gsBTTBdS/IXqEx81a0ISUyECgYA80saClj4fmIjDbfm1qtHuojwtGAvY76XkE+9Z +JKtt4f2BSW843TqiW2wwAdTaZXHy+Ua+t//M5GMHYksDqQh1Yv0h/7SNKk0SjF1M +cUZkXxha6rFjRgRBD1ftCRneYw+u7WYKOcFQz/Lu7s/KqLm2U2nQQ4RneDgsLaCQ +aG6N4wKBgArI0d3MlNFXLU7bT+q/2BaZ5VBwaF/6DlI4m1hDT8dKtOTja+y6vAm/ +aH82uJyoom8R/w2H/ICe3NuwYgTo/7Vy6xMt1TnskGOc0yjTZBMMU1nN8zrxlgD1 +1Xr8TzGOf//mK4H54B/POSq6WZ0PSXDVGToVWMdif+2Rq16+CcKp +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-private.p12 Binary files differnew file mode 100644 index 0000000..94d39b5 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-req.pem new file mode 100644 index 0000000..fbaf0fc --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-S03-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDDTCCAfUCAQAwgccxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMS4wLAYDVQQDDCVhZG1pbmlzdHJhdG9yQGFkZG9tLnNh +bWJhLmV4YW1wbGUuY29tMTQwMgYJKoZIhvcNAQkBFiVhZG1pbmlzdHJhdG9yQGFk +ZG9tLnNhbWJhLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAvpFk8hsr7ZtAvA1GI0l3MnT+y5pGhjMeVr3I2t3mKgc0YRzwuHEpJCuQ +80OZb2n2/425tz/zNmqZkJDWlWNOiFrXQYl/cxNkScfeQmUIXcoEsmg6QH9qBd9W +MC+sG4sPwxU8OA+QUEQAu1lA9tLoW3MDDfZ9OF0vmcMNEw900J7vHpJCxEZ83IV+ +6a+RTp1fgq9YYBilrJFu3c+nMjzS9OmBvoCeDMofGr6YxP7mJcGJ/hYKMJDT1OWv +iSRkEtBPGeIbhvsGqWPRRxCJ3CtSJNxmqVbCy/TsNRL0rV78/4bpsfkfs85E+74E +r41Cm1alAn/Fz18jQRxp7jOXeoFQiwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB +ALQr9rGYIkhd/AXeVoFHs/66rwaq3GccdnJpi023/5LhOlRmMa2BWTuQm3jW/3Oc +HgQOx9G0GTDpaBtAjOCGDCygw/k23oekVTQtDPiGigMnpuY2vnrjAeUFJo3us5pA +9eVPzKTzJf5ftc/aoVC39t/1Uks103M8t5vJCcexBTYQONe56XC1krY50PHZNI/u +stjOmleHZclLBU/BplId43nRlvvdkXihPiEbdV4XvhHRs/6w52DkQst6NH6jzeWk +anYEP2Oo1ROX5v201414ZaWm7oDxtNuL8NzDt+DUGISwC/9ZcqadzlaoI9XVhOb2 +AfbQMY1Q/3OeR8uRROpnHjE= +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-cert.pem new file mode 120000 index 0000000..a2eb210 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-administrator@addom.samba.example.com-S03-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-private-key.pem new file mode 120000 index 0000000..afbf12e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom.samba.example.com/USER-administrator@addom.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-administrator@addom.samba.example.com-S03-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer Binary files differnew file mode 100644 index 0000000..918ddc1 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem new file mode 100644 index 0000000..2d0735a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-cert.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:01 2020 GMT + Not After : Feb 23 13:31:01 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@addom2.samba.example.com/emailAddress=administrator@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:0e:b0:1d:53:4f:3c:0f:f8:90:d6:33:64:68: + 7e:ed:7c:46:96:c6:77:9c:0a:07:ed:8c:13:da:e7: + bb:b3:79:63:4b:ec:5a:2a:59:57:7c:38:69:50:c0: + a1:b4:ba:f8:1d:56:78:77:95:b3:44:13:12:83:df: + 20:95:12:01:e5:1e:1a:5b:38:69:48:86:e8:a6:0a: + 32:f4:38:36:f8:84:bd:5b:a9:70:48:c5:49:25:79: + 70:98:23:a7:58:3e:09:97:6d:67:b1:95:fa:08:86: + 2d:d6:b7:c5:d2:06:aa:5b:b8:f5:93:e6:c5:20:9a: + 9b:0c:90:2b:c7:2e:20:2f:e8:07:45:03:f3:4d:2c: + d9:eb:9c:91:d2:68:cc:fe:57:78:5c:2e:57:5b:a6: + 0e:10:6a:b8:05:ce:ab:12:31:49:e8:34:7c:3f:91: + 63:ce:3e:a6:ff:c0:7b:1b:95:b7:9b:99:a9:c7:ec: + d6:45:b7:9e:24:ee:c0:2b:a3:4c:a2:f9:04:5b:18: + 2f:0e:8b:2b:16:89:5d:cc:92:fa:49:dd:09:92:72: + 14:ba:8f:48:bd:6e:9b:88:14:98:6f:bc:0c:e3:bb: + a9:d1:0a:a8:93:6b:75:70:98:f9:a8:d8:0f:c5:e6: + a9:a4:e5:b3:72:81:76:07:73:c9:3e:d2:43:62:fe: + 1a:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@addom2.samba.example.com + X509v3 Subject Key Identifier: + 54:FB:DA:B4:F9:26:58:9A:8F:C2:D2:0A:95:B0:95:F6:D2:F6:1B:AE + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + a3:8d:f9:4e:77:ba:67:28:63:6e:3e:70:91:64:3f:51:b3:69: + ab:ff:10:04:e4:39:d1:98:bf:7e:c7:da:d3:4e:d5:29:f7:ae: + ca:e2:b1:f7:ea:67:38:7e:bb:a8:55:33:c1:de:79:6a:49:56: + 6a:48:8c:3b:43:8b:03:f4:30:11:ac:ee:88:28:ed:11:6c:37: + 33:13:7f:25:aa:d6:71:99:d2:f8:fb:4f:7a:44:c7:20:78:b2: + 22:44:17:d8:56:10:a2:4c:48:1c:3a:ad:bf:82:d7:e5:e0:66: + e9:ac:a1:11:23:b3:f8:f7:a7:84:5f:b7:d2:30:89:b7:bc:3f: + 9c:61:d8:12:bb:a4:fe:af:53:f9:f7:26:8e:be:9a:79:53:47: + b6:2b:d3:31:60:e1:39:11:11:c3:32:b8:32:d2:e2:6d:8a:05: + ae:f5:7e:f7:03:33:1c:6c:07:8e:81:a4:26:f2:0d:22:af:fe: + 48:12:48:a8:09:e2:98:4e:b9:c5:07:16:5d:a3:b2:73:7c:4c: + a7:3e:24:e9:d8:cc:72:a3:87:dd:c7:69:8d:58:dd:2e:27:69: + 72:b4:fb:62:cf:66:c4:7a:8b:8b:c4:03:16:b6:9d:7f:7b:f5: + 44:c2:04:a7:17:80:9c:f7:32:ba:3a:05:e1:71:28:16:88:6a: + 9c:f8:0e:5e:c9:0b:81:eb:2c:05:3c:4c:ff:ba:72:10:da:99: + 95:e1:ef:d2:dd:95:7d:d0:24:f6:8f:e0:1c:75:25:64:80:0e: + 16:9f:c1:d7:76:7e:45:85:27:a8:85:80:c3:62:40:58:1b:75: + c3:8e:40:0c:d9:f1:5b:a0:6b:1e:47:99:4f:00:11:68:19:93: + 77:4b:1b:56:94:79:95:f6:b8:92:49:14:e0:8f:2b:40:4c:82: + 4c:5b:a0:e2:0f:d4:f3:d1:3c:f3:e6:4c:c4:3d:2a:4c:e8:ca: + 10:c0:39:81:64:db:68:80:12:07:3f:92:7c:e0:09:aa:42:77: + 51:1e:ee:ad:33:c8:8f:f4:f2:35:2b:c7:b7:57:7c:2e:c8:27: + 71:c8:5b:1a:f2:83:fa:4f:85:13:ea:ce:0b:2f:b7:76:86:77: + 00:82:46:2f:bf:1c:b2:de:5d:52:40:64:41:54:0b:9f:8c:84: + d9:dd:08:02:51:d0:06:d0:07:6f:a1:ef:74:f4:d9:f5:30:9c: + 15:c3:d6:89:b7:f5:81:5a:c0:44:3d:99:54:e8:25:56:1f:63: + be:5c:f7:be:f1:9c:24:e0:55:46:c4:a5:7e:3f:82:20:b9:4a: + d6:14:82:45:14:d8:91:75:33:c5:df:86:9c:19:17:a4:31:4a: + 37:a2:9e:b9:11:84:ab:df:bc:21:2b:9b:96:83:b7:1b:13:78: + 07:b2:c5:5f:97:48:3b:7e:43:10:34:68:e8:25:bd:51:a0:ae: + 17:52:62:47:3c:c9:f0:b5:55:95:cd:68:d3:5f:aa:85:be:ea: + fb:2a:8a:e4:50:3d:96:5b:b3:a9:e5:45:e4:2d:da:da:8d:f0: + ae:c0:98:47:8e:ca:46:c2:21:68:a6:f9:17:41:a2:c6:21:b9: + bc:73:a7:c3:84:a9:31:b7:54:04:33:2a:fb:57:32:47:93:e1: + b2:ff:58:5b:f3:19:66:bc:65:8e:00:29:9d:56:60:7d:28:b2: + 6d:a5:a9:eb:04:7c:d3:e7:d7:af:2d:fe:df:1e:9c:3b:a9:bb: + a0:14:e4:02:7f:e6:e7:0a:b2:37:bd:fd:67:32:82:4f:c0:41: + 89:96:9a:f2:9a:04:eb:82:ee:81:8a:00:15:5e:b2:d0:e1:72: + 74:47:2f:97:fb:33:f1:8c:b9:25:8f:02:71:75:b7:21:10:74: + 4f:5f:5f:61:51:4a:69:d1:03:6b:7a:51:e4:08:03:1f:c2:a7: + 2c:c2:10:b8:27:9f:aa:01:15:61:71:72:d6:ca:23:7f:d7:60: + b8:65:51:ca:65:8e:ef:74:2e:fc:89:23:0b:55:b5:83:d7:0b: + 8c:16:ab:1a:be:3a:79:62:b3:6e:64:d1:c2:48:af:81:0e:d4: + 1f:2e:2f:c7:47:16:79:a9:b9:cc:08:29:2e:da:d5:75:96:53: + b1:be:2c:5a:5a:9c:6b:40:16:e5:92:63:49:64:99:44:c1:bc: + 2a:40:fc:3c:50:c3:dd:07:31:ee:1d:46:38:1b:c8:12:a0:16: + 9d:1c:f6:0e:a7:66:8a:b0:2f:11:19:03:1d:66:6f:fe:cc:3a: + 6c:99:ce:60:b7:f1:e9:56:40:4d:fc:ac:eb:a5:04:de:85:7c: + 19:c7:16:c1:e1:26:43:03:da:f3:50:25:16:99:e0:fa:cd:59: + c7:8b:52:cf:fc:20:d0:68:50:b9:83:36:bb:44:7b:1f:92:5f: + f6:19:5b:91:de:33:2c:f9:80:25:b9:30:4c:fa:92:5b:6d:c2: + 65:10:98:1c:c6:61:51:9e:d0:c9:49:1b:c5:c5:8a:89:72:d0: + b7:ff:db:03:f9:95:f2:a0:de:d9:dc:32:c6:20:02:e1:7c:89: + 2d:6e:72:12:12:c3:97:56:eb:7c:58:88:1f:9d:ad:4c:b4:6a: + 97:4b:0c:87:f3:41:bb:2a:ff:a6:bf:90:70:91:9b:b7:b1:e1: + cc:0f:c6:33:a5:05:03:db:f9:fb:79:5c:20:78:f9:1c:88:d4: + 84:bd:2f:9b:12:30:02:36:cd:8a:f3:42:4a:9c:dc:c3 +-----BEGIN CERTIFICATE----- +MIIJIDCCBQigAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMDFaFw00MDAyMjMxMzMxMDFaMIG1MQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxLzAtBgNVBAMMJmFkbWluaXN0cmF0b3JAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkBFiZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z +YW1iYS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AOsOsB1TTzwP+JDWM2Rofu18RpbGd5wKB+2ME9rnu7N5Y0vsWipZV3w4aVDAobS6 ++B1WeHeVs0QTEoPfIJUSAeUeGls4aUiG6KYKMvQ4NviEvVupcEjFSSV5cJgjp1g+ +CZdtZ7GV+giGLda3xdIGqlu49ZPmxSCamwyQK8cuIC/oB0UD800s2euckdJozP5X +eFwuV1umDhBquAXOqxIxSeg0fD+RY84+pv/AexuVt5uZqcfs1kW3niTuwCujTKL5 +BFsYLw6LKxaJXcyS+kndCZJyFLqPSL1um4gUmG+8DOO7qdEKqJNrdXCY+ajYD8Xm +qaTls3KBdgdzyT7SQ2L+GjsCAwEAAaOCAiYwggIiMAkGA1UdEwQCMAAwTwYDVR0f +BEgwRjBEoEKgQIY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NB +LXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwEQYJYIZIAYb4QgEBBAQDAgWgMAsG +A1UdDwQEAwIF4DBWBglghkgBhvhCAQ0ESRZHU21hcnQgQ2FyZCBMb2dpbiBDZXJ0 +aWZpY2F0ZSBmb3IgYWRtaW5pc3RyYXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wHQYDVR0OBBYEFFT72rT5Jliaj8LSCpWwlfbS9huuMB8GA1UdIwQYMBaAFKI+ +Aiqjp005tAhNmcwMdTbqJ8M+MGkGA1UdEQRiMGCBJmFkbWluaXN0cmF0b3JAYWRk +b20yLnNhbWJhLmV4YW1wbGUuY29toDYGCisGAQQBgjcUAgOgKAwmYWRtaW5pc3Ry +YXRvckBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wMQYDVR0SBCowKIEmY2Etc2Ft +YmEuZXhhbXBsZS5jb21Ac2FtYmEuZXhhbXBsZS5jb20wTQYJYIZIAYb4QgEEBEAW +Pmh0dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFt +cGxlLmNvbS1jcmwuY3JsMB8GA1UdJQQYMBYGCCsGAQUFBwMCBgorBgEEAYI3FAIC +MA0GCSqGSIb3DQEBCwUAA4IEAQCjjflOd7pnKGNuPnCRZD9Rs2mr/xAE5DnRmL9+ +x9rTTtUp967K4rH36mc4fruoVTPB3nlqSVZqSIw7Q4sD9DARrO6IKO0RbDczE38l +qtZxmdL4+096RMcgeLIiRBfYVhCiTEgcOq2/gtfl4GbprKERI7P496eEX7fSMIm3 +vD+cYdgSu6T+r1P59yaOvpp5U0e2K9MxYOE5ERHDMrgy0uJtigWu9X73AzMcbAeO +gaQm8g0ir/5IEkioCeKYTrnFBxZdo7JzfEynPiTp2Mxyo4fdx2mNWN0uJ2lytPti +z2bEeouLxAMWtp1/e/VEwgSnF4Cc9zK6OgXhcSgWiGqc+A5eyQuB6ywFPEz/unIQ +2pmV4e/S3ZV90CT2j+AcdSVkgA4Wn8HXdn5FhSeohYDDYkBYG3XDjkAM2fFboGse +R5lPABFoGZN3SxtWlHmV9riSSRTgjytATIJMW6DiD9Tz0Tzz5kzEPSpM6MoQwDmB +ZNtogBIHP5J84AmqQndRHu6tM8iP9PI1K8e3V3wuyCdxyFsa8oP6T4UT6s4LL7d2 +hncAgkYvvxyy3l1SQGRBVAufjITZ3QgCUdAG0Advoe909Nn1MJwVw9aJt/WBWsBE +PZlU6CVWH2O+XPe+8Zwk4FVGxKV+P4IguUrWFIJFFNiRdTPF34acGRekMUo3op65 +EYSr37whK5uWg7cbE3gHssVfl0g7fkMQNGjoJb1RoK4XUmJHPMnwtVWVzWjTX6qF +vur7KorkUD2WW7Op5UXkLdrajfCuwJhHjspGwiFopvkXQaLGIbm8c6fDhKkxt1QE +Myr7VzJHk+Gy/1hb8xlmvGWOACmdVmB9KLJtpanrBHzT59evLf7fHpw7qbugFOQC +f+bnCrI3vf1nMoJPwEGJlprymgTrgu6BigAVXrLQ4XJ0Ry+X+zPxjLkljwJxdbch +EHRPX19hUUpp0QNrelHkCAMfwqcswhC4J5+qARVhcXLWyiN/12C4ZVHKZY7vdC78 +iSMLVbWD1wuMFqsavjp5YrNuZNHCSK+BDtQfLi/HRxZ5qbnMCCku2tV1llOxvixa +WpxrQBblkmNJZJlEwbwqQPw8UMPdBzHuHUY4G8gSoBadHPYOp2aKsC8RGQMdZm/+ +zDpsmc5gt/HpVkBN/KzrpQTehXwZxxbB4SZDA9rzUCUWmeD6zVnHi1LP/CDQaFC5 +gza7RHsfkl/2GVuR3jMs+YAluTBM+pJbbcJlEJgcxmFRntDJSRvFxYqJctC3/9sD ++ZXyoN7Z3DLGIALhfIktbnISEsOXVut8WIgfna1MtGqXSwyH80G7Kv+mv5BwkZu3 +seHMD8YzpQUD2/n7eVwgePkciNSEvS+bEjACNs2K80JKnNzD +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem new file mode 100644 index 0000000..a02f6ed --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxaygDRmw72ICAggA +MBQGCCqGSIb3DQMHBAgu9NwWonUgGwSCBMjCCAaRQSglNmeXddY1GpRd9s7mCp0a +vUHtfHk4qSiPpw/qURTJfeMtZU0XTFeMd9ZSIDIuV9CVUPaaCqASlUwbmJRaGPdS +1O3xP+0V3VaB3k1c6rCdpERXf/moNSwEnnL2i6twOkW7I9+N7jIqFpeh8RHG1iEJ +ys8jm6ojtvGRQpF0aT5eboydb5f4d3vq59HXvm/h55LlzC5uao7Kuk03oU5uUeZm +CDWBwHkgBvsbD/fVaIjHrdMqsCeXQ7AMd8caJsm3GZqorCw/IzrVWXRz30Ianv/u +WzajtVtYBA69gRHPiiZ9jHbf7DR2TDRA8azpCWFpBBcp37je5RkigBAsZQDhLuN0 +oe9rk/RkIEYEhteSFnkr6AaG/44ln3EEEM3QUKuGQMi5yTQ1qHXcqHRaivR6mO9A +IOTxQ2dFdz+lbZwqas6TIEVarm1uBbeJUWtC3XRd1T1zOKmBHShUcOAyPC01Tbwc +qjFDlx1DC3c+mCNHrBgKZ71KDld6GGOPjIbAuEn6Clvo618bFlofgRa9qHTJ08KG +dxNpjpVkRCBmanTrZj5V0DFW2iEpNCoAi/eCirm82hvet4zofoS46wdoN2DBabCy +WqqrP6VHq1YRC8K6z9jimhoNmamuVYsLDBr6uDcNqX8dkgMU/AGZH0iefuJgN9iZ +sDaOU9RLTdFOlUGJ1VD5+VJVaikTQacEfsmgfz+sh8hshXGU5y1yHLC3wzXZ0ESc +ZStyFbI/a+Loul7eTulnAnDLkmHJIBXQZ/ARiY1G07iydHGLY0NZjPfPEJ42d2aM +C3DBN6AvZvZx9dAFMVLxIIfsdSiHRfiDLARO5N/frkSp8+5TFswBNLcz+1J/mVdw +VGubugfKyqJLYPhCNhk46c77Fj/OaCOOaJZBW7hmyUZY67p/K/XUFK0zsrrnGRp8 +igPM8KEOHsdcZsgDXI1gXOc33lBcOa0u9gIT7Ec8TtBo/5sqOBdPKuYniOKiO9Oy +dPeyPUqIikzgp5n/SbdHA5V35hvE1Nf8RwiR1xrFkeHOnLHlmDXNOuw/oKr2P6jw +KsvooGxZT4yT8g8D58jVs2yIn/dFjfk380hxB7aMaxyYf+4MjCYT/zYnP2/bEdcz +/k86GfmHUqT322n6SiHw4QH1blJRkOPNUehMBt3Sr5G1Mq0cCWsFuaBfmy3CcCqW +jx7DSYLaHRZxnELFceXWrJe8qCyLoFKETIMKw8g6lsvKMmAePD6DN284tJPxzXs9 +1FfRTeDgpBsbx19/vv5CgIzvcUqcFkGHHtlo2LYYYLYzflWcYtdYrfsHeNGjjk6Z +SfQcHDuQ4NeS8cgt8AyOyj5pWaD4Xiz0anrM1sry1NT82aQzEU+bIiMSnBxHGVhX +1hHDR4JATfbU7PDGpy648MIN6Ox7cHW+maRLH/MyLtavnrkFSnvf6aFt58IfKga3 +GwsCzUoXWLdSEicGPPcgW0+S9NL/C8xu67n//oijIe/9eHuw9R9J7u6hhjmWTk/S +Osq7ilvRc6ueKkFjysR+HBtQgfwXoTHXb2X5tpCBUKVJkOlin6JJW0CIfdeBKgjQ +R4hEhQ4aXHCG+IZ29IAXRvAPyrdw5Zv7lBZl5hKXk+KKMshAkR0nLBkiRJw45fR5 +SJk= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf new file mode 100644 index 0000000..35a120e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = administrator@addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = administrator@addom2.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for administrator@addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:administrator@addom2.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem new file mode 100644 index 0000000..bfd9bf6 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6w6wHVNPPA/4kNYzZGh+7XxGlsZ3nAoH7YwT2ue7s3ljS+xa +KllXfDhpUMChtLr4HVZ4d5WzRBMSg98glRIB5R4aWzhpSIbopgoy9Dg2+IS9W6lw +SMVJJXlwmCOnWD4Jl21nsZX6CIYt1rfF0gaqW7j1k+bFIJqbDJArxy4gL+gHRQPz +TSzZ65yR0mjM/ld4XC5XW6YOEGq4Bc6rEjFJ6DR8P5Fjzj6m/8B7G5W3m5mpx+zW +RbeeJO7AK6NMovkEWxgvDosrFoldzJL6Sd0JknIUuo9IvW6biBSYb7wM47up0Qqo +k2t1cJj5qNgPxeappOWzcoF2B3PJPtJDYv4aOwIDAQABAoIBAGEgSJVVf0AKOWNf +nwy2QPxQhbp3d6T6YBw/7VRevKiEWAtfNkKZeBTUGnBLqIXNXAiDWnPPX6uZVeU3 +pXbzYeUSc0GOJbLaS/eP704KjGxULQpbERKAsqDRdTzoPpWvzLbNdjNjDVXIW9iF +RzBpoKsV2iOrD3lRaQ/f4rcC0Dn6k3ViM14twahAZI9TU/LcUQhmjI4xkmEOZtxi +yocK+aibj4NYiOPfDFOVmNUJnKzsBiMFH++1YlzC1BlWL+ILwA/paBxGMz7/dMPO +3kHJttV9IAZ9EoxDCRxREXOFjKEIdo/mVAIoh+IlELo9z5SDsgL/5ny/8+X3+cK+ +a9BCQcECgYEA/NHSgTC/Bf/REb+nqYhF2QLe0EUIbJAaVy9QZEkWouwdjpV4GFZ+ +cnDYP2V2NP0D3jrWr9Nfhr3vb2liraFZaMcHLJ11Ke+vUEsSLut5qTpp+L66OhDO +m7kHk1ilH2Y5GbgfV4w7QgWKXymk+OT+1G5M22Ssc79vGo+qfd/A+oUCgYEA7gOq +EJ+Ok4FKqSRNGDW1BGspqr1khsefow+6VdFyX7WhejDxUsMTnvENx0udt39ExNRM +C3o8Fu2kLQXq7F8QpryWy3t2gpPOS31ihhZkDRXR6F8VVMTF6eIDSPXl/r8usgz/ +2a7P6Etl2c3KZz+2PCeuKCzuCRuDNc4pONuDvb8CgYA70xrQ30wUi1hZrtRp1YlR +tNAs0GkR53eUMeoAERt+KglEeDIW8ECzq+g/+C5kk4qax6mNqaLtK3zBDFsBYzDZ +Dl+wOwJCjikaAummmKoNVXlGFzvSCbAaQUp9n3hTWckhQOSJvvE2ykDYC+6xxt5W +PlOJhuUX7rDHxD8/0fbEUQKBgQChZDyyTu8n2DjfHm1kaC6Zk2zKiOgceEooEKci +QAaVHZ0kNQG+Q+cPFJdqNzz3y0W/TdFOyxDp3zQ/D08v/npVBXYe/lXqzvzItXnU +QGSRduVB8w+Mzm0BXa8qjwroxYyNUUE/w0jZVB75JJEFl+8jNSjjtyulY1GCb4wG +MNtREwKBgCxPG7IYC5YTubvUE6AH9ZVm1e1QxEKF8v8YYlVwLTlmZQYVBNEQw0+M +WPScm27j3qUJG7AHG9R+nSSj3A9IeUY0trD5KCMTNuQQcXK1e0kdOlR2uGd2YUL5 +hZ9g7PjNolIpCV5Ifi6Lb8JbAOyvbcgEljGse9hN1gppmbnNndU1 +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 Binary files differnew file mode 100644 index 0000000..8c5f769 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem new file mode 100644 index 0000000..db7f078 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-S07-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDDzCCAfcCAQAwgckxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMS8wLQYDVQQDDCZhZG1pbmlzdHJhdG9yQGFkZG9tMi5z +YW1iYS5leGFtcGxlLmNvbTE1MDMGCSqGSIb3DQEJARYmYWRtaW5pc3RyYXRvckBh +ZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDrDrAdU088D/iQ1jNkaH7tfEaWxnecCgftjBPa57uzeWNL7FoqWVd8 +OGlQwKG0uvgdVnh3lbNEExKD3yCVEgHlHhpbOGlIhuimCjL0ODb4hL1bqXBIxUkl +eXCYI6dYPgmXbWexlfoIhi3Wt8XSBqpbuPWT5sUgmpsMkCvHLiAv6AdFA/NNLNnr +nJHSaMz+V3hcLldbpg4QargFzqsSMUnoNHw/kWPOPqb/wHsblbebmanH7NZFt54k +7sAro0yi+QRbGC8OiysWiV3MkvpJ3QmSchS6j0i9bpuIFJhvvAzju6nRCqiTa3Vw +mPmo2A/F5qmk5bNygXYHc8k+0kNi/ho7AgMBAAGgADANBgkqhkiG9w0BAQsFAAOC +AQEAJndP6nZGzsmKplQ/4elWObJD5ye2mN64G9+Tcd+A1Y1j9XpizETi+IrikScJ +T1BDqUhCVT5fjCy3qgKBD5zeHmakZltcRki8HJT7eWWZFXhEB+buQ9KBgrrS/dX+ +6wflVgrSfe3x+506Dx6y8UDWDVy2P1r/X64uqcxOLUdrG+p8T8OYalNYcO5qQ4Dn +b5ei4bIAeE9UebUvPxfdN5UT/S/fL33fVCr8OTT60/QL4ez0KjFCLeeEv94qVaqW +Hxe9ykS7S446RhANWvH6VAeSY2Bhm+WPu9urtRe4m8qR6JC27cOAubHID9szA0ID +eHTbyblfQdALQ08lUDpNuJDVCQ== +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem new file mode 120000 index 0000000..0e23e5b --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-administrator@addom2.samba.example.com-S07-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem new file mode 120000 index 0000000..5a874f3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@addom2.samba.example.com/USER-administrator@addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-administrator@addom2.samba.example.com-S07-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-cert.cer Binary files differnew file mode 100644 index 0000000..8f6b393 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-cert.pem new file mode 100644 index 0000000..4ab5d5a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-cert.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Mar 16 23:29:04 2016 GMT + Not After : Mar 11 23:29:04 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=administrator@samba.example.com/emailAddress=administrator@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:af:87:9e:1e:7f:c0:ab:da:47:22:74:d0:df:01: + f1:67:6c:ac:c4:b7:d9:18:97:e5:7a:62:76:33:b6: + 52:f2:92:90:75:ac:a3:94:7e:0c:29:75:c9:83:2f: + 19:66:60:84:45:ff:d5:a9:bd:c5:3a:a2:d8:25:cf: + 15:8a:23:3e:09:73:2f:99:1d:24:1f:e6:96:7e:7b: + c4:1e:8d:55:5b:c1:18:69:cd:1d:b4:22:d5:7b:db: + 5e:7c:91:f2:8e:c1:03:30:ee:63:46:5a:54:d5:40: + ac:79:55:00:71:07:8d:3e:0e:ed:ff:93:6c:f1:2d: + 84:c1:51:a3:7c:49:cf:ff:85:7b:c0:64:c1:ba:c8: + 66:7a:ff:17:2a:74:ea:16:6a:1d:97:c0:27:57:10: + be:76:f5:9a:63:56:c7:25:c6:fc:a7:5e:00:a6:1a: + 3d:21:bd:7a:f9:e3:03:60:ce:df:16:06:fc:05:bc: + d1:c8:5d:e7:33:ed:52:8b:60:5b:60:c5:70:13:1d: + c1:b3:08:13:09:3b:05:e8:02:40:12:45:89:af:87: + 1f:6a:8f:62:ce:1e:17:13:34:82:81:86:e9:bb:85: + 5b:75:1d:f4:3a:02:b4:a6:58:23:fe:c3:3a:35:09: + 95:bb:f7:79:bc:e3:97:e6:6d:77:24:aa:2d:51:50: + 37:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for administrator@samba.example.com + X509v3 Subject Key Identifier: + 45:DA:4B:8D:05:9C:62:4E:62:C3:D7:5C:5F:D3:D9:85:B4:9B:F2:2C + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:administrator@samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + a2:bb:e6:97:67:3c:b6:6e:6e:dd:34:99:16:c6:80:91:08:bf: + 91:ba:51:62:5d:76:2f:e5:53:91:3d:99:03:18:a9:84:69:73: + 76:66:c3:eb:56:d7:c5:40:91:15:da:de:b2:76:48:7d:8a:8c: + 80:79:3c:e6:da:0e:a6:c3:53:d6:74:ee:5f:29:b7:03:46:de: + 89:32:14:22:03:30:68:2e:7e:06:d4:ac:9e:82:c0:02:16:7f: + 81:ba:ee:7a:e7:8b:f7:fb:99:7f:8c:eb:78:54:97:4e:28:44: + da:f4:e2:1b:f8:3e:ac:ca:cc:e3:e3:71:90:91:47:9c:78:ed: + 6f:bc:b7:98:12:ea:75:e5:15:f7:26:56:a7:5c:d6:74:a8:13: + 7b:23:35:4e:6a:01:f6:a9:f5:5b:9b:d0:ea:ba:0f:c3:c4:1a: + e0:b9:a3:ed:5d:28:cb:7f:1d:3e:8a:9a:af:4c:88:00:3c:10: + f0:49:85:24:60:e6:cb:d6:9e:00:46:78:4d:90:22:68:4f:10: + 39:84:3b:e2:7c:3d:ed:23:41:19:7e:6f:45:59:89:a9:9f:26: + c1:f9:7d:4d:0a:b4:10:f9:31:7d:cc:87:d0:4b:62:14:70:86: + c8:7d:14:ff:e4:68:e2:de:42:ca:01:c7:aa:2d:5a:a5:72:64: + f1:4c:fa:6e:60:15:22:08:68:e6:c6:6a:75:63:24:b5:54:76: + d1:97:4f:e0:e8:bc:eb:d0:62:84:4a:b4:3a:07:38:5f:b9:a6: + 6a:31:14:47:33:81:bd:d0:a4:a2:da:2b:92:0d:dc:42:c4:0f: + 28:0d:b6:1b:33:b5:88:df:1b:a8:d8:90:9a:11:ce:df:d4:14: + e9:ac:94:94:95:bb:bc:6e:f1:be:85:29:3f:17:ab:41:14:d8: + 20:ba:e0:a2:a3:d3:d4:8b:1e:4b:32:22:8d:0d:c1:e6:39:1a: + ce:cd:f3:1d:f1:82:85:d5:e7:80:34:90:a4:0e:d4:af:32:c8: + 79:4e:25:32:b6:1e:06:3a:26:42:38:47:1a:32:96:71:5b:fe: + 5b:b0:ef:7d:fe:58:ca:eb:b5:c9:4b:2f:12:cb:89:36:22:7c: + a6:39:ab:20:c1:2d:cd:6b:34:e1:cd:bc:ed:45:45:12:4a:65: + 4b:ab:45:f2:6d:7a:9d:f8:b5:52:78:1b:da:2f:e0:ce:f7:e2: + b0:fa:6f:40:3d:dd:e9:39:c3:63:68:ab:77:53:be:3b:dd:9a: + bc:d7:d7:fa:6a:bf:bf:74:f7:11:80:87:f9:d3:45:eb:1e:8e: + d1:a9:a0:2e:66:e7:20:67:1c:4c:22:43:77:85:ff:1a:23:37: + cc:49:de:51:ee:f2:04:2f:a8:98:88:0f:b6:18:53:eb:e2:49: + 15:5e:02:8b:1e:7b:e6:c5:d1:0c:df:84:4e:d9:bd:fe:21:48: + d4:a4:11:01:27:57:51:d6:c1:b2:a1:1c:11:9a:a7:d1:ab:f0: + 99:16:b2:c8:3f:74:25:68:0b:1a:cf:58:0d:cd:cc:1a:6d:8b: + ec:1f:70:82:02:40:97:0f:75:2c:53:87:c1:42:5c:d1:7e:19: + 78:2c:2c:88:73:33:81:63:38:84:07:0f:16:bb:7c:54:59:03: + 94:e7:b8:85:d7:f8:5e:53:35:65:2e:e5:27:65:be:f0:89:65: + f6:ab:3f:6e:a5:bd:c1:1a:9e:31:30:68:6e:50:af:54:4c:33: + f8:73:2f:41:60:4f:4c:85:1b:ad:7d:db:62:42:dc:87:96:b4: + cf:ce:12:50:ed:6c:01:5f:e2:f9:03:f5:f7:4c:6c:8f:2b:5b: + 7a:64:7d:19:e8:20:f2:e9:10:58:f3:71:0e:1e:58:68:f2:59: + 3c:06:53:7a:f3:60:62:5b:c7:b7:83:58:1d:3d:a6:17:db:33: + cc:91:14:af:d6:b9:08:bf:60:af:ac:3e:fe:8b:74:71:20:c7: + e7:31:5e:26:6c:28:52:67:12:1e:c3:9b:89:23:5d:88:ee:b0: + 6b:db:cc:94:8b:9b:1b:40:b7:66:bc:7d:1d:e1:08:00:20:ba: + 41:cd:17:d6:4c:7b:c4:5a:fd:cf:6b:20:e2:b8:86:9c:31:17: + c2:d7:7f:1c:3a:d0:fc:1d:f5:7f:c9:96:04:27:de:b8:ef:8d: + 38:9a:b3:56:60:ac:c2:07:38:64:19:39:9e:73:6f:ba:59:15: + ac:45:42:4d:bb:79:60:7f:ae:c3:8d:63:4a:27:16:0a:ca:92: + 7f:f7:a2:02:76:f5:e6:7c:ec:ba:ea:18:cd:9c:3b:ee:37:2c: + 9d:78:4e:c9:40:6d:94:cc:ce:ca:f4:33:fc:a4:dd:05:62:d6: + 0f:1e:19:63:af:10:c3:ff:02:1a:0a:48:fd:af:f2:a4:0e:64: + dd:90:f4:4f:14:1b:90:1f:9e:29:b0:0b:94:a4:d1:2a:87:b9: + 3a:76:c2:b6:af:c3:d4:84:6e:85:1c:64:73:46:d0:df:72:c0: + 3c:42:91:c4:30:10:11:18:36:bc:e5:17:36:22:5f:c2:3f:ac: + 1d:2e:9d:87:11:be:a7:ac:b2:62:35:74:b9:27:27:95:bc:c1: + 11:44:f8:64:36:60:74:06:a2:e7:e9:76:be:a7:86:5e:18:1e: + bd:dc:b0:aa:ae:92:d6:dd:d6:25:80:d6:c1:be:c1:21:1c:01: + 6f:83:20:ae:b7:54:4f:3d:2d:12:fc:a2:cc:49:fd:59 +-----BEGIN CERTIFICATE----- +MIII/TCCBOWgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjAz +MTYyMzI5MDRaFw0zNjAzMTEyMzI5MDRaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxKDAmBgNVBAMMH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5j +b20xLjAsBgkqhkiG9w0BCQEWH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvh54ef8Cr2kcidNDf +AfFnbKzEt9kYl+V6YnYztlLykpB1rKOUfgwpdcmDLxlmYIRF/9WpvcU6otglzxWK +Iz4Jcy+ZHSQf5pZ+e8QejVVbwRhpzR20ItV72158kfKOwQMw7mNGWlTVQKx5VQBx +B40+Du3/k2zxLYTBUaN8Sc//hXvAZMG6yGZ6/xcqdOoWah2XwCdXEL529ZpjVscl +xvynXgCmGj0hvXr54wNgzt8WBvwFvNHIXecz7VKLYFtgxXATHcGzCBMJOwXoAkAS +RYmvhx9qj2LOHhcTNIKBhum7hVt1HfQ6ArSmWCP+wzo1CZW793m845fmbXckqi1R +UDdpAgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0 +dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl +LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ +YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIGFk +bWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFEXaS40FnGJO +YsPXXF/T2YW0m/IsMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG +A1UdEQRUMFKBH2FkbWluaXN0cmF0b3JAc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB +BAGCNxQCA6AhDB9hZG1pbmlzdHJhdG9yQHNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD +AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEAorvml2c8tm5u3TSZFsaA +kQi/kbpRYl12L+VTkT2ZAxiphGlzdmbD61bXxUCRFdresnZIfYqMgHk85toOpsNT +1nTuXym3A0beiTIUIgMwaC5+BtSsnoLAAhZ/gbrueueL9/uZf4zreFSXTihE2vTi +G/g+rMrM4+NxkJFHnHjtb7y3mBLqdeUV9yZWp1zWdKgTeyM1TmoB9qn1W5vQ6roP +w8Qa4Lmj7V0oy38dPoqar0yIADwQ8EmFJGDmy9aeAEZ4TZAiaE8QOYQ74nw97SNB +GX5vRVmJqZ8mwfl9TQq0EPkxfcyH0EtiFHCGyH0U/+Ro4t5CygHHqi1apXJk8Uz6 +bmAVIgho5sZqdWMktVR20ZdP4Oi869BihEq0Ogc4X7mmajEURzOBvdCkotorkg3c +QsQPKA22GzO1iN8bqNiQmhHO39QU6ayUlJW7vG7xvoUpPxerQRTYILrgoqPT1Ise +SzIijQ3B5jkazs3zHfGChdXngDSQpA7UrzLIeU4lMrYeBjomQjhHGjKWcVv+W7Dv +ff5Yyuu1yUsvEsuJNiJ8pjmrIMEtzWs04c287UVFEkplS6tF8m16nfi1Ungb2i/g +zvfisPpvQD3d6TnDY2ird1O+O92avNfX+mq/v3T3EYCH+dNF6x6O0amgLmbnIGcc +TCJDd4X/GiM3zEneUe7yBC+omIgPthhT6+JJFV4Cix575sXRDN+ETtm9/iFI1KQR +ASdXUdbBsqEcEZqn0avwmRayyD90JWgLGs9YDc3MGm2L7B9wggJAlw91LFOHwUJc +0X4ZeCwsiHMzgWM4hAcPFrt8VFkDlOe4hdf4XlM1ZS7lJ2W+8Ill9qs/bqW9wRqe +MTBoblCvVEwz+HMvQWBPTIUbrX3bYkLch5a0z84SUO1sAV/i+QP190xsjytbemR9 +Gegg8ukQWPNxDh5YaPJZPAZTevNgYlvHt4NYHT2mF9szzJEUr9a5CL9gr6w+/ot0 +cSDH5zFeJmwoUmcSHsObiSNdiO6wa9vMlIubG0C3Zrx9HeEIACC6Qc0X1kx7xFr9 +z2sg4riGnDEXwtd/HDrQ/B31f8mWBCfeuO+NOJqzVmCswgc4ZBk5nnNvulkVrEVC +Tbt5YH+uw41jSicWCsqSf/eiAnb15nzsuuoYzZw77jcsnXhOyUBtlMzOyvQz/KTd +BWLWDx4ZY68Qw/8CGgpI/a/ypA5k3ZD0TxQbkB+eKbALlKTRKoe5OnbCtq/D1IRu +hRxkc0bQ33LAPEKRxDAQERg2vOUXNiJfwj+sHS6dhxG+p6yyYjV0uScnlbzBEUT4 +ZDZgdAai5+l2vqeGXhgevdywqq6S1t3WJYDWwb7BIRwBb4MgrrdUTz0tEvyizEn9 +WQ== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-key.pem new file mode 100644 index 0000000..652e3bd --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI7Afo/WihRO4CAggA +MBQGCCqGSIb3DQMHBAiyzMez8ikVKgSCBMikJkx4Qhm0cLRQXJfIPsHX0YQfinoJ +qLGWMQ5KWTpwFZHoeqarmCVLJwReF75E8nD5tJdKt5J+lN0gBQMbppAzlSOJvMne +1E5sDoBHY3jYUViF3p+ZZt4YoDxaGFYxcGL9M6Uo/Yb1791riMisQjgn7inpRe0i +JuHngJH9Dblg0+vGM3JkMKdizWHSW4RyeYXa8d3rh62Y5RD7exUHKkz3pPucSsyy +dnkhvbhdXSYzPxcUarrjx3pNMzWhamLWP3V6UwupCB8dygLm4QV+Fc3Jw7wR3Efj +cewWjmXHuHzAGfDhr1r6yeWaAQCYezSp18UwMRv9AWgiTAayxDI+IroBigvU3PfA +KE0RlWBnvoy2ggNEsCvk2QXYpQiIJMTS9u1oi2aOdvXaaVxuKBPJGgzAFGSnM44k +gE1Pe+snVxzRuzHCNXnWoCxSa9xAvRt/dnQ9n1p2m3lwlt+kP0kO4ieMhT+SnBNh +QY/WRfJ8E5ldYyfJ0y2eRd1hCu+42tj72rAuQkhPEUJzWuU6N1xzChXPwXVnhIh4 +HS4bpd9uL1wA5sNw2zfXdanagmSrXC5EFVdj4rJzHWzkalg0GTMhYd4QsbqI5d8O +lO5ECnZUJwIcYa5Hy7OVDymRh3BxPMDGYqiO1+6QHUrqRm/XiSDUSaBfLat9ckHY +0JT5nbBMg0TJ3VIhUbsZaQ4fwZNr9zgeS+yoFuLcPYPCHBz2fDNq6MFb0BqbHcYY +qmf++nxF/jW21UKTryBeiLdkq1TjExOEXdmjSL4vwmUjyx+ycM4w8GvdU4xkdkQl +1jNlx20WSocZ0hzreCMXglUb1q7tzZvaVJrSS9TX2PV38Fcz6jpmOeKtnkRBMUis +Ge20QO7D8zCJM0jL+mNAnuZCA7zHc8aenbR6hK8i3Kd8G0XhWLNVWI5KfFtgrRaW +UCM8mSdEIvWZfPrdvxo/kYEXBBA8i+3oO0nSUTyHpqmsIH3nYvaWnVmibnKMigO3 ++3d+6Db5R117EbXDdRWm85jiN7PQ1SdNVxtKN4Wu188r/KfchXAeBQcBy9Kh1vVY +qYTqP4Mp7dbm864iiZQZwTLJeq346+xUze5NY7nFHWl0ps7ujk+i9WA9I+M2TAj9 +Zmywy4Xvjwpj7PO5zA9O5TRxnnBbz7VrTcxBLK+6T/2yZZceJ29Bv7wy61eK9LNk +AYy+MFXlY64L6HauTk9Ne/VnNnTvYYqrqPNy6CehQc0+LKvmYLCHUZabhWi7P1rj +gUkkypfBH0j8k1lDnjnYu5bml32GK7eBix9C+5kNDadnvCEVDiYFT59SDyKCUHMZ +19EKywqkWVPu5ez+60zSEJACpvIqDxlamusN3O9tQZD/t2c2lJiBeBPszXgj8Gin +++tuCwkz/3KNy+u3SCZg9SUk5+XVZDOQOMh9EmUT5oqoPUTm9pblU2B8lRZaw/wl +B97E4q4TUOtXZXHJdCkU8Sxr8/l8fOFYqIeiFx8PhSHaFgpEKgs89G9AefIb+l1u +Z36bqMs0y4rIiSHR++0ZO5NJIi33zhPHvifmPzBTDXRn9cWdfqwetq1ts9ZD27oE +4UhJyRU0gprmtpQWoVnd6ghiM1zk7lZmRQEDDXy4+puztzgZNLKJbSeXbufe49nX +DcU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-openssl.cnf new file mode 100644 index 0000000..db72360 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = administrator@samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = administrator@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for administrator@samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:administrator@samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-private-key.pem new file mode 100644 index 0000000..cc8f150 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAr4eeHn/Aq9pHInTQ3wHxZ2ysxLfZGJflemJ2M7ZS8pKQdayj +lH4MKXXJgy8ZZmCERf/Vqb3FOqLYJc8ViiM+CXMvmR0kH+aWfnvEHo1VW8EYac0d +tCLVe9tefJHyjsEDMO5jRlpU1UCseVUAcQeNPg7t/5Ns8S2EwVGjfEnP/4V7wGTB +ushmev8XKnTqFmodl8AnVxC+dvWaY1bHJcb8p14Apho9Ib16+eMDYM7fFgb8BbzR +yF3nM+1Si2BbYMVwEx3BswgTCTsF6AJAEkWJr4cfao9izh4XEzSCgYbpu4VbdR30 +OgK0plgj/sM6NQmVu/d5vOOX5m13JKotUVA3aQIDAQABAoIBAQCEj7E0a1rA7ooG +VZ5grQD5ELOxpP7Jef2OXcnS6ADgvRtoI0cun7rjnNbgwbM3A/EhRELCfFT1IYKH +m0szFcaGMH1j7wQXK3fAcgv83tP2BXBAhu3F2wDLFzLWdQpwEQgt7fr/aLzkiIE4 +6J76va9HjNLkzxvZUH0P2m3TMZNp7s2NLjxNQwivNXSgKXcT9fPX7IaBd063W41I +iYQZ7M8Q3C1vk34uC9V1LxjFxOAe42G/ITkjt3CJbg0CjMXG3P3TKIXG94ufpFQO +mkEzUSGxTCkwlqHKcxsa+7f72TocuhLuwpFBSeRmiIsa5ZHxJiC6XOkz2CAboNkI +UMSVjoxZAoGBAOlOGjiF7ChheDLhtj3/VcxfyHkcNoUFAtKuoT/FD8JMQiEUTifr +V7eA8pfAQubVVRNLmZEA40gsJsTPbCRQymwcYDFRATlTd6nZ1s53z99E/v/1QjIa +ZpQXRD+Nt1xmID/MuX34qpIA6ZEE2zTFoMo1STeNf4eC9mESW9DkA05rAoGBAMCa +wrvLa5whtXbhdoWfCMYKtSQuGTEKslb4Ec97sKIdZXloGnH0eyiwnynCDhX2wPJt +gnQtVxNXb9+MFxh+6bnX5rMyB+myXszpPNBCbLO0FU3+vfIEmOoULqU1Xn7Eu97m +LGoR6G9cN7p8RuX7zp5ROKGfDg77oW8XhVah2x57AoGAY1BmBQ2tW/sx6ab/pyCc +a2WSt0t1QebCLuE7ryO586H2vJIiOwgJzQnNOyAS2qSRlKcn9fwExGJXFoydok/p ++1+Q6y1qcfbAB8O9lyKVkJuUWW0UArQOWpgU62DuXxzyOXZyt9c09PYCd0Mz9SDz +s2A/jLBlS1BKhUQFZcTKS4UCgYBaT7cD66x3t26pYar7mMi6ZAbwAhWZ41QgZ42i +ZnM6cOJF/UR5LpQZTkgzgmSsc9mhUywaYbA0x4kTn1KtD8V0eQIaAFmpgRPmrW7w +kFT8JnLe8ZYLR5CUIgaFPPMkKgeVywQEcIU2wlz3OpLcACiwH5GYZ0ZmTCM0Pikt +qBNgxQKBgEVgpIHZi2xdfvwtCrEfomnlImj94HySKIFenCRoc/d34+KO4jKho1zN +dqbSDqz/lB/7GWFjRszTMZMVJkl8TbE050UEe8EDPt93BSeGHNCUXUesZQVddGhn +iH8OLIkoW3xIlNgflwi4+7gLjWrAHHPwEG3Iys83DVCA5D/4C02m +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-private.p12 Binary files differnew file mode 100644 index 0000000..c2c70e3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-req.pem new file mode 100644 index 0000000..72cd979 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-S01-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMSgwJgYDVQQDDB9hZG1pbmlzdHJhdG9yQHNhbWJhLmV4 +YW1wbGUuY29tMS4wLAYJKoZIhvcNAQkBFh9hZG1pbmlzdHJhdG9yQHNhbWJhLmV4 +YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4eeHn/A +q9pHInTQ3wHxZ2ysxLfZGJflemJ2M7ZS8pKQdayjlH4MKXXJgy8ZZmCERf/Vqb3F +OqLYJc8ViiM+CXMvmR0kH+aWfnvEHo1VW8EYac0dtCLVe9tefJHyjsEDMO5jRlpU +1UCseVUAcQeNPg7t/5Ns8S2EwVGjfEnP/4V7wGTBushmev8XKnTqFmodl8AnVxC+ +dvWaY1bHJcb8p14Apho9Ib16+eMDYM7fFgb8BbzRyF3nM+1Si2BbYMVwEx3BswgT +CTsF6AJAEkWJr4cfao9izh4XEzSCgYbpu4VbdR30OgK0plgj/sM6NQmVu/d5vOOX +5m13JKotUVA3aQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAGrgBV0TkeQ3fHEJ +vTabQG/aKSgzkkzaiBdY5GBX3FGtmKl0E9DNImc3bcw4QBC8GDObGoqct31QpHnT +H51MN/Vix3YAUsKbGtvopGygn22sLtm21Iy1lOS2QsEikPxrDedmKjGzsyi8fWFF +fWOEW1+mhS7L6oiNDm18MbAaYN6wdgkPVW0Uc+P/ftRZ1y2T2mli+99IgNQQW9Rb +7ZrHBTyCq9IK73UniVCA3yEN2ibHxaZQsvl3DpUfkKdPV1FOsvj33nTMtcubY7/P +c4n3w2M0HVSu6Ch+cJj0dy3FzYU76eInzT6B+hs2lGCIm6H4pUH8Vjx9dNMjcC4d +vctx/Mw= +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-cert.pem new file mode 120000 index 0000000..3b134b6 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-administrator@samba.example.com-S01-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-private-key.pem new file mode 120000 index 0000000..964892e --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/administrator@samba.example.com/USER-administrator@samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-administrator@samba.example.com-S01-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.cer Binary files differnew file mode 100644 index 0000000..85773b0 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.pem new file mode 100644 index 0000000..997dfd3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-cert.pem @@ -0,0 +1,168 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Jun 3 19:30:47 2016 GMT + Not After : May 29 19:30:47 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom.samba.example.com/emailAddress=pkinit@addom.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b3:a4:e8:bd:c8:4f:6a:71:c6:15:a8:dd:00:d6: + 61:74:00:e4:8f:b5:c4:0e:98:d9:51:aa:aa:4f:c7: + 8c:f9:6c:37:5c:60:55:da:7c:55:9c:d3:cd:e2:f1: + ed:51:39:25:d5:fa:69:7e:a7:67:9c:a9:61:1b:5c: + 73:50:d0:6f:ba:ce:3a:df:fe:ae:95:95:8e:97:ab: + c6:bb:6a:c3:60:0b:ca:c2:9c:31:ff:c6:2f:52:bb: + cb:2f:f6:2c:4d:be:20:e1:16:49:d3:22:36:66:4f: + 5c:c4:30:12:07:34:8b:00:4e:5b:51:7d:40:35:81: + dc:5c:0e:af:be:78:63:80:69:67:87:53:97:d0:3f: + d7:66:8d:26:8a:0a:24:95:f9:db:dd:93:0e:48:54: + c8:30:e4:77:0d:65:ef:a4:6a:de:29:91:77:97:40: + 5c:2e:ed:35:5e:b9:0f:37:ad:d9:70:76:99:77:45: + 8c:4a:65:63:13:72:d5:c4:53:37:57:85:0a:6d:74: + 30:8c:69:7f:83:f0:7f:f5:67:05:79:80:27:d4:38: + 6d:49:2f:8d:2a:97:2e:33:1f:d0:e0:c1:76:1b:bf: + bf:b1:75:8a:c9:b1:3f:3f:f2:4e:c5:b0:68:5e:76: + 8a:7e:9c:57:b2:ec:3d:18:83:e2:65:d5:30:5e:b5: + f4:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@addom.samba.example.com + X509v3 Subject Key Identifier: + 3E:81:65:A1:E3:7E:18:BE:80:FE:15:93:CC:20:15:FD:08:D4:A4:3D + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@addom.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 7b:47:4c:55:7c:77:8b:8f:ca:23:3e:51:6a:51:c1:49:44:0d: + 72:56:27:79:f7:54:48:ef:74:37:5e:2a:33:68:dc:04:8a:de: + b2:8e:7b:26:6f:67:f5:bc:0a:e1:ec:74:12:86:5a:6b:56:7d: + 75:24:d0:df:c7:1e:c4:28:e8:a5:c0:e5:3a:a0:74:f8:95:70: + 61:44:a1:9c:e3:54:d8:cf:1b:e2:2f:35:d3:ca:1a:5f:07:e9: + ce:fe:79:e1:20:ac:9e:94:74:a5:80:2e:38:75:bc:bc:d7:2d: + e0:54:c1:17:9a:8e:07:42:7e:5f:2e:17:93:63:ab:ae:ed:c6: + 29:0f:91:c8:8a:99:ad:21:5b:52:a7:dd:0c:2f:32:dc:0d:36: + 9c:98:02:aa:eb:8f:2d:3a:86:1a:cf:f8:f5:da:0b:70:7e:14: + 9c:79:bc:8a:6c:c7:06:8d:3e:3b:26:2a:50:a1:05:ca:47:79: + d1:ba:55:06:cd:d2:3a:10:27:8d:cb:ee:b4:f7:90:ff:f2:fb: + 67:f0:73:0b:4f:51:5e:0b:8d:e4:94:cb:da:56:2d:18:91:b8: + 51:0f:ee:48:99:cc:ae:8b:6b:ac:d8:38:1e:5e:5e:d9:1a:29: + 52:04:52:49:49:30:60:3b:fa:4e:c9:0c:a0:67:20:e1:4a:9f: + 84:44:c8:ca:35:d5:28:a6:06:7e:dc:c3:81:8d:40:12:3d:ae: + 0d:51:42:5a:16:92:78:2e:70:0b:ba:7f:8e:52:b7:2e:a8:f1: + 72:32:ba:6f:30:92:1e:40:0f:bf:09:14:5b:63:c6:1d:b3:ac: + eb:e7:69:f0:1b:3c:b8:4a:ec:a2:22:e2:58:ad:ef:22:77:9c: + e2:51:ec:38:bf:47:d8:1e:43:77:61:3d:60:54:c7:ba:6a:be: + 87:ea:f7:9e:46:74:90:70:c3:d9:74:21:be:90:78:12:2f:30: + d2:56:3b:9a:24:27:17:1b:d0:8c:49:e7:65:a8:d2:d9:0f:f8: + e9:5e:51:8c:97:cf:90:37:e5:ad:dc:88:ac:c1:54:57:7a:9a: + f4:5a:80:25:85:7c:d0:b7:17:03:8c:b3:43:20:59:c7:f3:68: + 72:f5:53:75:df:a0:00:12:f0:28:d5:dc:70:ec:9e:c2:33:bd: + 73:e9:8c:62:b8:2f:0d:55:a3:3d:d2:21:59:4f:3a:d7:50:aa: + 43:72:25:05:a0:2f:e0:f1:79:59:2a:57:e6:b9:91:21:b9:9f: + 07:f9:49:fc:d7:97:f7:be:a7:81:69:ac:6c:9a:7c:25:5e:6b: + 48:37:90:89:ac:37:02:b5:be:41:01:56:93:71:f4:e9:75:3c: + aa:0a:9b:d6:a3:09:64:51:30:d7:2c:1a:dd:bc:83:2e:45:b5: + 90:a5:ad:16:ba:18:56:1c:88:73:b5:ee:77:6d:65:3e:11:dc: + 36:45:6a:08:99:5d:24:86:93:da:45:95:2a:de:80:96:2e:db: + d7:87:b3:f1:70:3c:b5:56:eb:ca:62:dc:3c:49:84:3c:f8:6d: + d9:44:e0:81:33:5e:f7:22:27:8b:09:05:12:a6:c1:79:56:c7: + 7f:e2:80:d6:ab:4d:e5:1a:ff:ae:9a:fd:3b:7b:aa:15:ca:10: + c2:6a:98:c4:70:63:6e:7d:94:8e:87:0a:24:bd:b1:59:85:67: + 5b:e8:2e:ff:d7:43:8c:46:06:1a:a8:ba:72:e7:0d:ef:5f:6c: + 2d:5c:14:56:ad:5d:56:a5:21:09:7b:16:44:4a:74:9d:1a:03: + aa:1a:41:29:e5:78:e4:7c:9e:53:18:61:d8:5a:d1:e8:a8:0e: + f4:d3:40:d6:6b:cd:c9:e4:a3:3d:51:54:c3:d6:09:4c:48:9e: + 34:2a:23:ad:83:ab:9a:99:c2:bf:7b:85:98:d7:b6:21:fc:c4: + 17:6c:56:46:95:98:da:e8:6c:f3:67:4e:33:fc:68:b8:af:86: + 07:8b:8e:f3:16:2c:ec:82:e7:b8:47:64:5c:f5:bd:37:75:b5: + 94:d3:09:3c:3d:6a:6d:47:81:e0:1b:df:5e:d7:6c:92:7d:23: + 91:3e:29:06:21:5b:52:62:47:87:e8:7e:20:ab:fa:cb:3f:9e: + ab:7e:55:7e:d2:76:7d:3e:ce:49:f5:ad:a1:f8:13:ba:9a:d6: + 54:bb:e9:f0:e0:a6:77:27:95:33:84:48:ff:29:87:fc:65:94: + d4:56:44:88:fc:40:0a:64:32:15:13:36:bf:fb:10:65:35:94: + 66:ad:d7:e4:16:08:c5:8b:2f:c7:a1:14:99:60:69:66:39:3f: + 8d:f3:d3:46:ae:c9:ad:85:94:9b:06:6f:7e:f9:84:b4:e7:fb: + 7c:79:1b:75:00:f7:10:19:86:57:48:ea:d5:24:eb:f5:d6:42: + 43:73:36:db:9a:15:73:01:75:db:e5:4f:d0:68:3a:3b:35:ce: + 19:ab:08:e8:75:c4:7d:b0:d8:c9:64:f9:de:e4:ae:df:a5:24: + 19:dd:b8:d1:88:40:48:2a:13:6c:ad:72:23:46:45:2c:78:0c: + d4:68:15:11:7f:e2:47:2d:ce:d0:ce:ae:43:8b:08:af:42:12: + 85:6f:4d:8b:39:e0:a1:d9:65:08:b1:dc:00:e2:e8:f0:e1:f6: + 8f:21:8e:81:cd:de:8a:d0:92:58:22:d0:b0:29:fa:f8:98:6f: + c6:e0:68:37:b4:57:90:c2:c4:7c:38:64:51:d7:61:5a +-----BEGIN CERTIFICATE----- +MIII+DCCBOCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjA2 +MDMxOTMwNDdaFw0zNjA1MjkxOTMwNDdaMIGlMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxJzAlBgNVBAMMHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNv +bTEtMCsGCSqGSIb3DQEJARYecGtpbml0QGFkZG9tLnNhbWJhLmV4YW1wbGUuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6TovchPanHGFajdANZh +dADkj7XEDpjZUaqqT8eM+Ww3XGBV2nxVnNPN4vHtUTkl1fppfqdnnKlhG1xzUNBv +us463/6ulZWOl6vGu2rDYAvKwpwx/8YvUrvLL/YsTb4g4RZJ0yI2Zk9cxDASBzSL +AE5bUX1ANYHcXA6vvnhjgGlnh1OX0D/XZo0migoklfnb3ZMOSFTIMOR3DWXvpGre +KZF3l0BcLu01XrkPN63ZcHaZd0WMSmVjE3LVxFM3V4UKbXQwjGl/g/B/9WcFeYAn +1DhtSS+NKpcuMx/Q4MF2G7+/sXWKybE/P/JOxbBoXnaKfpxXsuw9GIPiZdUwXrX0 +xwIDAQABo4ICDjCCAgowCQYDVR0TBAIwADBPBgNVHR8ESDBGMESgQqBAhj5odHRw +Oi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5j +b20tY3JsLmNybDARBglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgME4GCWCG +SAGG+EIBDQRBFj9TbWFydCBDYXJkIExvZ2luIENlcnRpZmljYXRlIGZvciBwa2lu +aXRAYWRkb20uc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFD6BZaHjfhi+gP4V +k8wgFf0I1KQ9MB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFkGA1Ud +EQRSMFCBHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNvbaAuBgorBgEEAYI3 +FAIDoCAMHnBraW5pdEBhZGRvbS5zYW1iYS5leGFtcGxlLmNvbTAxBgNVHRIEKjAo +gSZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTBNBglghkgB +hvhCAQQEQBY+aHR0cDovL3d3dy5zYW1iYS5leGFtcGxlLmNvbS9jcmxzL0NBLXNh +bWJhLmV4YW1wbGUuY29tLWNybC5jcmwwHwYDVR0lBBgwFgYIKwYBBQUHAwIGCisG +AQQBgjcUAgIwDQYJKoZIhvcNAQELBQADggQBAHtHTFV8d4uPyiM+UWpRwUlEDXJW +J3n3VEjvdDdeKjNo3ASK3rKOeyZvZ/W8CuHsdBKGWmtWfXUk0N/HHsQo6KXA5Tqg +dPiVcGFEoZzjVNjPG+IvNdPKGl8H6c7+eeEgrJ6UdKWALjh1vLzXLeBUwReajgdC +fl8uF5Njq67txikPkciKma0hW1Kn3QwvMtwNNpyYAqrrjy06hhrP+PXaC3B+FJx5 +vIpsxwaNPjsmKlChBcpHedG6VQbN0joQJ43L7rT3kP/y+2fwcwtPUV4LjeSUy9pW +LRiRuFEP7kiZzK6La6zYOB5eXtkaKVIEUklJMGA7+k7JDKBnIOFKn4REyMo11Sim +Bn7cw4GNQBI9rg1RQloWkngucAu6f45Sty6o8XIyum8wkh5AD78JFFtjxh2zrOvn +afAbPLhK7KIi4lit7yJ3nOJR7Di/R9geQ3dhPWBUx7pqvofq955GdJBww9l0Ib6Q +eBIvMNJWO5okJxcb0IxJ52Wo0tkP+OleUYyXz5A35a3ciKzBVFd6mvRagCWFfNC3 +FwOMs0MgWcfzaHL1U3XfoAAS8CjV3HDsnsIzvXPpjGK4Lw1Voz3SIVlPOtdQqkNy +JQWgL+DxeVkqV+a5kSG5nwf5SfzXl/e+p4FprGyafCVea0g3kImsNwK1vkEBVpNx +9Ol1PKoKm9ajCWRRMNcsGt28gy5FtZClrRa6GFYciHO17ndtZT4R3DZFagiZXSSG +k9pFlSregJYu29eHs/FwPLVW68pi3DxJhDz4bdlE4IEzXvciJ4sJBRKmwXlWx3/i +gNarTeUa/66a/Tt7qhXKEMJqmMRwY259lI6HCiS9sVmFZ1voLv/XQ4xGBhqounLn +De9fbC1cFFatXValIQl7FkRKdJ0aA6oaQSnleOR8nlMYYdha0eioDvTTQNZrzcnk +oz1RVMPWCUxInjQqI62Dq5qZwr97hZjXtiH8xBdsVkaVmNrobPNnTjP8aLivhgeL +jvMWLOyC57hHZFz1vTd1tZTTCTw9am1HgeAb317XbJJ9I5E+KQYhW1JiR4fofiCr ++ss/nqt+VX7Sdn0+zkn1raH4E7qa1lS76fDgpncnlTOESP8ph/xllNRWRIj8QApk +MhUTNr/7EGU1lGat1+QWCMWLL8ehFJlgaWY5P43z00auya2FlJsGb375hLTn+3x5 +G3UA9xAZhldI6tUk6/XWQkNzNtuaFXMBddvlT9BoOjs1zhmrCOh1xH2w2Mlk+d7k +rt+lJBnduNGIQEgqE2ytciNGRSx4DNRoFRF/4kctztDOrkOLCK9CEoVvTYs54KHZ +ZQix3ADi6PDh9o8hjoHN3orQklgi0LAp+viYb8bgaDe0V5DCxHw4ZFHXYVo= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-key.pem new file mode 100644 index 0000000..542cd3d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEaGZ7BvOYu4CAggA +MBQGCCqGSIb3DQMHBAhSIfRjeKrXNgSCBMh+g3dZyu/ZZ1DgB1U3qiUMIIA/hurX +2FjSuDIrn5+g7uPIxtBjQgz2+2f4kUsiqx/UBOodAwtSzjpP3HX91zyRoMke4jA1 +cx3PlsaSCwXXBmbLhI8+IAiQZ7zo4r5C91nNXVBUC+Z4bDydjXRnZHBAiGo674mB +ZbpixlAjDQWiJCZJvqDy7uqjIK9un12fU/hBWc6mLJZ8MSTWaJ9/ONGTImhbI7f7 +jtM04HihoDsh8ExeVSSWYt+vM3VIjXlbZqTi0d2ijgb4MnGsIuVVZtnvLbMSe7Ow +lGLNsbkUq3y8JsF2rkZWHE+7J33Ko9fgUr9kVaIVJpChWnOSsxVUuRydrCUS4g3L +1wmVPEW59t0jFwMt7qcQS7K1ivkjmNplyld5pBssLX4BuzKMxEsGG6c8MwSLGqcJ +g70xbraCWzn0ggKCROGvbFmIn9o7GXCnYLj3e4LfHbV0XgINiw7ufCUgRTTHEn+L +PAaGd13BxdYlquIzbSLhdijDzU+41tXI/g1bw4tAlxcKHPh9XmKRYf8DusVWRKB1 +uyouHQxEVYyJw5atQJZLlzTUWpZ0V4q2UVckN2LSFMtwTu8ZL9iNSL4l75iRaMdI ++V9a+QaAifd7qF8eujvfVgpzuiMuEonQ9iRJOErJ6/BaCO9WaZ+jE0ojZtllWjLQ +rXGRcxkROFcE36GC7YSWzKDq9WlgQKne9EDp0WevcSNTc698cz09D1/z8N1pkk1K +Ako3BKs9FUSmynSuTz52CEJ+XOd9FESsJkcu8FqUfmXM5Ubq9jhSU91skmuJHG8r +BlzkuO2va91T1Muu/RHaFhBYmaomkw2kvJ57oay7wZ/9Fm+j6PjdgAH81w3RfS+G +m+Vivp6wRmE438yy2QDgywjvk7anjZMX1R2PhXWgmKTSL1EosAFx6AZytd+xTDFa +tEIkfwVkr6fKLI1FFq2artDZAYqSpkFCmRFOMNoqc6UAzuET88y5oPDjY9RS3Ikd +Ru9VvuT2LcaWjCj3ofqV0ATYgkbGSsj6n66kZFoPBEv7dpD33mN9A0R7U8nzeXUT +0ImG4xsXv4vfumrfgG6sr17Ylsm/ntmUtcFy+ZbJCLypL2UnZya1+EC6a20kVt7X +DDpFH/qct3iBeRJnTdoTxWGbQKHRQ5Ro/GnZ02fCN0DBEyb4WHbP6T+Gy3DHF6TA +rBlC5nVNQD49d5brbPyBnBG4585mzPZI57npo3MpgEHv9+LC48LfJZaX5w7uevg+ +RnkjjIwrEIUZMrUvFxeNYKtdp9IggRGjDCPz8Y8TNBnvWuet0xRODhZTVs6zFeQw +s+NZirzyN6XSu9Wpc+CGbFx55eMOGog8t2e2HjBbeNCvri9wKP1t1CdCD+CTqJ6E +BaoP0Wippj8VGOB87djnT+7X2bJLjnYkmspk/Mhlz1EKh+j6SXh5VFCSoO3o1JbW +iyAI2vpT3+Bt4RXrUDTYV9OHpWSQXM/TYhHnVBdeq53h5UkBYsK+vSjHyjF9Jspt +ORWsCUBiaVBy3X9AMEubsITKCVAjlCacFDOraO6h7Y6LkOyuNvJ2aDo02L3sfDPY +sa43P1ERP5C4OOUzhLmavkwhJnzAHVAVCfNMCDzYe7UsSrweQ+OVfcp70uAdKfK5 +jzQ= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-openssl.cnf new file mode 100644 index 0000000..8bb8714 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = pkinit@addom.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = pkinit@addom.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for pkinit@addom.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:pkinit@addom.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private-key.pem new file mode 100644 index 0000000..8ab8683 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs6TovchPanHGFajdANZhdADkj7XEDpjZUaqqT8eM+Ww3XGBV +2nxVnNPN4vHtUTkl1fppfqdnnKlhG1xzUNBvus463/6ulZWOl6vGu2rDYAvKwpwx +/8YvUrvLL/YsTb4g4RZJ0yI2Zk9cxDASBzSLAE5bUX1ANYHcXA6vvnhjgGlnh1OX +0D/XZo0migoklfnb3ZMOSFTIMOR3DWXvpGreKZF3l0BcLu01XrkPN63ZcHaZd0WM +SmVjE3LVxFM3V4UKbXQwjGl/g/B/9WcFeYAn1DhtSS+NKpcuMx/Q4MF2G7+/sXWK +ybE/P/JOxbBoXnaKfpxXsuw9GIPiZdUwXrX0xwIDAQABAoIBAB3OjPeAVvz4Z7+M +Ry8uYvkWdNYLeL5bSiOsx5l5KMDx3bWsHlKkMqhU1GKFdbT2YHrCk+J58E0kJYKe +sluEWiWKtmYYIeub5w7vZ4gNTOGQ01G7DOi9f3igxDPvCqbTly0Bv7oSgSg0ntXG +jBc59p5UYf6BY7f9Fg0IOszFuOzDSSHoX8Ld/8rO+2d7k0cvS2xG3FViqMifqAN+ +b1GVm9MtPB5B4iM9dAsgy7NK8kKoY3xUFeYwC8yzBCeG35F+Bq6x+vTUoNfESwwg +/qvJwRNgChlJgLVbrcR/F0wDuvINwELUeDipP1Ca8dmaQgYLlYqrbYJlJEfsHX9w +IkuW1CECgYEA5Sn1mTKK4RnHGWE84kqAayiCEifap/FcPpA5M5AZ8t0HxDUGZ/aO +glhFOsA0bKpmK+U7Hv+uZtD7YDI2syzwk3RnLn3sHaNSMKYkogGOds4U8wYalLYe +AhTGPhukip+6SAZEJicRZDYxy4xczOLmwmGeTMFPQ7mWljbYTVvo7dkCgYEAyK5p +ZZu8Jor0VKuUjQwtzsr0P7AP8h84uf38+Llfn51/sDGihR7oHA7ER0HgaOwL238f +a990+QpShlH1LLik8LeWXNEl6A9MvWJH1OCahGh48ui8T1ptI6OgcNfIDOt0ZE2e +RoV90FpzABR057SvSog6iuCZqYl7ddEoEd3oM58CgYBqrJSJ4rApRqGam9wGjp2m +xC2AHBM5uC2zZdlqujqKBf+2guRfgrMl08cuKQh+SPfUmRljPavGaqOJTPaPg2zd +hwL87lr6FOuOf9hvnX/ep+GymvXGodvoJhl+EcoPSXkiS+BvTiJXXq7hTI5qRXkb +pOtWWWn3Ya3KcO9RW2ZbSQKBgFnRVfLYJPnLL1fGA5KtZMMtKuxmTHy9ZJI6D0Lz +FM1HnKKrVGXoU1JbeZW68kmDfDsdRl7tgFkGObFMdUMy0P+761xXb3PRhTMuDaBF +dmLUr21opP+PJVHSJjjbGvpNV6ac5r4BeTILiXT7sucRg3METc9ifuPWWJ9+oUR9 +4TNZAoGBAMH9sFqsXKXgLjnPEtdy2GJV51oytQRBxWtB/E2minj+U1b8F336vnUp +JEmY08KXj8weSSs+BUXKqxRWxLo2aWKXcvtpyHttdvJvHroG4Rb5xuvZWNtOFyhV +IHA/pdwvhgvUWoM12U2DZfznKHTDrUNpo6bs7lkPqVOSemlDucpU +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private.p12 Binary files differnew file mode 100644 index 0000000..4b77b58 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-req.pem new file mode 100644 index 0000000..dc60d63 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-S05-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC/zCCAecCAQAwgbkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMScwJQYDVQQDDB5wa2luaXRAYWRkb20uc2FtYmEuZXhh +bXBsZS5jb20xLTArBgkqhkiG9w0BCQEWHnBraW5pdEBhZGRvbS5zYW1iYS5leGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOk6L3IT2px +xhWo3QDWYXQA5I+1xA6Y2VGqqk/HjPlsN1xgVdp8VZzTzeLx7VE5JdX6aX6nZ5yp +YRtcc1DQb7rOOt/+rpWVjperxrtqw2ALysKcMf/GL1K7yy/2LE2+IOEWSdMiNmZP +XMQwEgc0iwBOW1F9QDWB3FwOr754Y4BpZ4dTl9A/12aNJooKJJX5292TDkhUyDDk +dw1l76Rq3imRd5dAXC7tNV65Dzet2XB2mXdFjEplYxNy1cRTN1eFCm10MIxpf4Pw +f/VnBXmAJ9Q4bUkvjSqXLjMf0ODBdhu/v7F1ismxPz/yTsWwaF52in6cV7LsPRiD +4mXVMF619McCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBQjwN3+bsWLHsr7k9K +bfranU8U1dKD05siA3w+Dop43G1eLzBjBrQvSUB4AMzd8a0KKD8dt0xm2s504wxU +SAyGgUcE+a1nPazZUPw5tJVRt41S808Gzd7zU+12UZiUjpE0Y8NayAyn+n/IhNPN +UHOFnZfgBJqWUOEO6+JyJXxYuqaXzmrYg5Kr4vr2tr9d6+hLsp3g3nJKoefPR1RS +2PMk1zubbbjsi9VF/yK6W4QNkfcZN74tMm+kNPAhid422L4FdZSupmfGts45uFWw +zHOOyKOGLkZ4pxNlMRKIL1aYtoyR4UetudX2CUkQsBs/w04DLehk6rjbtQPO4nTI +QYxm +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-cert.pem new file mode 120000 index 0000000..e8d6f50 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-pkinit@addom.samba.example.com-S05-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-private-key.pem new file mode 120000 index 0000000..aac9cfc --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom.samba.example.com/USER-pkinit@addom.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-pkinit@addom.samba.example.com-S05-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer Binary files differnew file mode 100644 index 0000000..857f73d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem new file mode 100644 index 0000000..794f9c2 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-cert.pem @@ -0,0 +1,169 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Feb 28 13:31:30 2020 GMT + Not After : Feb 23 13:31:30 2040 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@addom2.samba.example.com/emailAddress=pkinit@addom2.samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:33:db:43:5e:d5:91:27:95:35:d2:86:b2:e5: + 70:ac:b8:cf:74:01:2c:60:4d:67:b2:2c:2d:ef:c4: + 04:53:4d:08:9b:ce:55:ca:7a:ab:02:29:5d:3d:27: + ee:3e:a3:23:2e:3e:36:8d:f1:ca:8f:a7:4b:8b:a9: + 39:d3:33:39:d0:b9:f4:9b:c4:14:2c:41:67:be:6a: + 32:b6:86:0d:70:0e:eb:6c:b1:d1:ef:92:70:ec:70: + 70:2d:5f:4f:ea:6c:3e:9f:ee:9a:11:32:93:5f:b0: + e3:51:24:e2:33:08:22:ee:69:07:c6:10:a2:3f:43: + 67:3c:0b:48:b6:d1:92:99:22:de:fe:da:28:e9:12: + ba:a7:d6:54:76:c4:3c:56:a7:c9:e4:28:18:fd:89: + 8a:eb:02:42:88:27:59:61:f5:bd:5f:0d:eb:ce:80: + 4a:84:29:e5:38:93:1d:d9:0a:50:e3:eb:72:ec:b2: + 73:16:ab:75:33:3a:74:fd:6c:b8:a9:b9:09:c0:30: + 0a:74:d4:01:3e:00:0e:89:cf:87:aa:19:f5:7b:c4: + 0d:4f:b1:f1:40:59:54:67:28:aa:ca:18:75:7d:96: + d4:4d:99:e3:b1:84:bc:e7:65:80:ea:f6:dd:30:ce: + cf:14:67:b5:27:09:5f:83:a5:8c:87:62:8f:5a:22: + d5:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@addom2.samba.example.com + X509v3 Subject Key Identifier: + 6A:36:04:8E:C5:C3:2C:C9:17:BA:52:66:D3:AB:0D:C3:F2:25:1A:CD + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@addom2.samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 4d:5b:aa:28:b6:e0:a4:61:63:ed:09:7a:0e:2b:b2:c9:83:73: + f5:28:17:2b:d5:4e:c7:7b:01:99:5d:b9:c5:93:b3:a5:e2:64: + 33:96:38:55:c4:a4:84:9a:d1:dc:40:56:ec:da:a7:a5:3b:7c: + 91:c7:8d:03:44:44:9d:a5:0a:9e:de:6a:9d:c2:80:49:93:db: + 4d:74:fa:3c:fd:54:de:99:9c:f8:82:63:ba:5e:81:9e:4d:ae: + a2:a1:09:dd:81:5a:3e:81:31:8b:ff:85:32:ae:30:9e:1a:d6: + 04:d9:1c:bd:a5:0e:83:29:86:f4:be:0f:81:9a:84:f4:42:42: + 6d:20:18:16:ef:21:ac:51:b3:34:bd:0f:b5:2c:7e:c5:21:3d: + f7:77:95:1e:8f:45:3e:f8:79:93:ad:35:dd:cd:97:95:fe:b6: + 5f:88:e7:b8:38:54:15:29:61:2f:17:91:99:74:0c:66:9a:55: + 5c:dd:22:19:a1:8e:c1:a5:23:45:a4:85:f2:b2:98:3b:2c:85: + d8:2a:8e:9c:4d:6c:9e:9e:ef:80:24:2f:57:f3:a1:1f:09:c4: + 44:4d:11:d2:84:87:2a:57:f0:cc:9e:38:2c:3a:68:ee:0b:be: + e9:48:67:ff:87:2b:29:03:25:22:8e:00:33:f8:2a:7c:11:91: + 17:42:fc:6c:d1:94:c6:f0:7f:ad:c3:97:cf:9f:cc:a5:be:25: + 33:af:d4:c4:06:17:a7:be:11:bf:51:5e:6e:b8:26:56:1e:d5: + d6:ce:85:05:62:02:62:92:63:48:d9:d2:0b:e4:f9:2c:a2:53: + 4f:5e:3d:31:07:4d:5b:c4:48:bc:d5:f0:66:98:fd:85:45:26: + 4b:98:4f:a2:ac:05:a0:df:ee:4e:c9:9c:2f:3c:ee:74:9d:54: + 83:03:d8:42:a1:ba:57:a1:d4:43:93:a0:94:e3:0c:3b:cb:eb: + e6:05:73:60:18:32:81:25:21:55:14:99:2b:9d:0e:b2:72:31: + 63:73:5a:94:b2:30:e7:16:16:4c:33:68:cb:e6:87:aa:20:c6: + 9c:f1:26:3b:f5:76:7a:9b:07:f7:d9:c0:6c:50:04:d6:14:06: + 37:e5:fc:58:18:d5:a7:c8:29:56:9e:3c:fd:03:96:e8:4e:1a: + 7e:6e:e3:c9:aa:e6:3f:5d:1a:cd:86:f3:17:82:3b:ff:4c:8e: + 6b:d2:11:84:ce:36:cc:c8:fe:31:80:43:23:fa:fe:3c:8c:57: + a0:a1:1e:b9:08:c1:03:af:8f:3b:6b:cb:12:e4:6a:31:94:86: + 7a:17:c5:9f:80:bc:bc:e0:42:7b:5a:57:ef:b7:d3:0c:5f:98: + 71:aa:4e:cf:b4:c7:25:33:96:54:7b:ca:90:79:6f:f8:f0:c3: + e7:9d:e7:d0:67:4d:7b:20:7b:9d:d0:91:4f:ab:a3:a2:99:fa: + 9a:74:37:33:64:0c:bf:b6:94:3f:62:5f:a5:76:1e:60:54:e6: + bf:3a:11:5b:f0:ba:62:12:2e:9b:99:a2:37:9f:4c:b9:e8:8e: + d2:81:1f:0f:26:23:3b:9a:3b:69:70:09:e4:ae:05:65:04:3e: + 55:06:43:1f:5e:fb:2d:e6:03:b6:c4:ca:47:66:f0:d3:2b:a0: + 79:e8:45:a4:df:8f:31:fd:7e:67:ca:50:e0:b0:99:9d:2c:6a: + 16:f0:39:01:da:7f:d7:66:15:d1:99:3b:d7:7c:8a:bf:b7:d4: + b1:d3:fb:e2:fc:75:82:47:fc:96:42:57:ce:4a:d5:12:07:99: + 5b:ae:1a:c2:98:f1:fa:3d:a7:19:88:75:c8:fa:81:60:1f:19: + 21:0c:25:84:a1:c3:88:30:a7:80:da:85:85:e1:42:98:76:37: + ab:48:75:60:2d:1d:f9:05:6e:04:e2:2b:ce:37:75:17:27:0d: + 87:11:d6:2b:fa:37:bf:b7:e3:d2:96:b9:d8:92:18:4a:00:45: + 6d:9d:c6:20:d0:6b:2c:ed:33:06:08:d7:0f:56:44:5e:68:9f: + 9f:20:fc:57:a8:27:68:c9:f5:f5:2e:4d:0b:3c:a9:2e:92:2b: + d3:88:a9:18:27:24:0f:33:90:23:b3:41:99:5b:ec:bd:ef:ba: + 5b:4a:b6:a9:6c:b5:a5:d4:47:1e:9c:e7:32:0c:72:98:e7:8c: + a4:aa:72:8f:2b:90:5f:2d:23:bf:99:62:75:47:2f:9a:79:5e: + 4b:8a:8c:f2:28:df:30:59:6b:62:45:4b:b6:e5:39:ab:77:f0: + 51:4b:b7:6f:42:0a:81:a7:c0:c9:8a:c6:09:2a:e8:35:36:53: + c9:5b:93:dc:a5:1e:17:b1:cc:b4:13:b5:bb:b0:df:b8:cd:68: + 8a:10:18:8c:de:07:33:31:68:6b:f4:6a:dc:d0:17:10:c4:2d: + ec:66:51:c3:01:b3:2a:f0:0e:b9:c2:4d:7c:8d:d8:ab:c0:76: + 79:ca:e6:ff:a4:36:da:c1:8d:2e:13:7d:15:21:72:86:ad:4b: + 1b:73:4f:46:2f:fa:1e:ae:e8:8f:dd:79:6c:46:57:0a:05:ef: + 11:04:ae:a0:c5:13:86:6a:a3:cc:9c:b7:80:ef:18:5f:67:f7: + 43:ef:e2:94:4f:85:06:2f:d1:7a:97:07:ed:89:7d:aa:1e:e0: + cf:52:63:b9:28:95:aa:6d:ca:f2:20:c2:f3:07:83:c5:f4:a2: + ee:20:61:88:34:12:62:05:67:8d:f2:83:25:0b:9a:89 +-----BEGIN CERTIFICATE----- +MIII/TCCBOWgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0yMDAy +MjgxMzMxMzBaFw00MDAyMjMxMzMxMzBaMIGnMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxKDAmBgNVBAMMH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20xLjAsBgkqhkiG9w0BCQEWH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcM9tDXtWRJ5U10oay +5XCsuM90ASxgTWeyLC3vxARTTQibzlXKeqsCKV09J+4+oyMuPjaN8cqPp0uLqTnT +MznQufSbxBQsQWe+ajK2hg1wDutssdHvknDscHAtX0/qbD6f7poRMpNfsONRJOIz +CCLuaQfGEKI/Q2c8C0i20ZKZIt7+2ijpErqn1lR2xDxWp8nkKBj9iYrrAkKIJ1lh +9b1fDevOgEqEKeU4kx3ZClDj63LssnMWq3UzOnT9bLipuQnAMAp01AE+AA6Jz4eq +GfV7xA1PsfFAWVRnKKrKGHV9ltRNmeOxhLznZYDq9t0wzs8UZ7UnCV+DpYyHYo9a +ItV1AgMBAAGjggIRMIICDTAJBgNVHRMEAjAAME8GA1UdHwRIMEYwRKBCoECGPmh0 +dHA6Ly93d3cuc2FtYmEuZXhhbXBsZS5jb20vY3Jscy9DQS1zYW1iYS5leGFtcGxl +LmNvbS1jcmwuY3JsMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwTwYJ +YIZIAYb4QgENBEIWQFNtYXJ0IENhcmQgTG9naW4gQ2VydGlmaWNhdGUgZm9yIHBr +aW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb20wHQYDVR0OBBYEFGo2BI7FwyzJ +F7pSZtOrDcPyJRrNMB8GA1UdIwQYMBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+MFsG +A1UdEQRUMFKBH3BraW5pdEBhZGRvbTIuc2FtYmEuZXhhbXBsZS5jb22gLwYKKwYB +BAGCNxQCA6AhDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4YW1wbGUuY29tMDEGA1Ud +EgQqMCiBJmNhLXNhbWJhLmV4YW1wbGUuY29tQHNhbWJhLmV4YW1wbGUuY29tME0G +CWCGSAGG+EIBBARAFj5odHRwOi8vd3d3LnNhbWJhLmV4YW1wbGUuY29tL2NybHMv +Q0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAfBgNVHSUEGDAWBggrBgEFBQcD +AgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCBAEATVuqKLbgpGFj7Ql6Diuy +yYNz9SgXK9VOx3sBmV25xZOzpeJkM5Y4VcSkhJrR3EBW7NqnpTt8kceNA0REnaUK +nt5qncKASZPbTXT6PP1U3pmc+IJjul6Bnk2uoqEJ3YFaPoExi/+FMq4wnhrWBNkc +vaUOgymG9L4PgZqE9EJCbSAYFu8hrFGzNL0PtSx+xSE993eVHo9FPvh5k6013c2X +lf62X4jnuDhUFSlhLxeRmXQMZppVXN0iGaGOwaUjRaSF8rKYOyyF2CqOnE1snp7v +gCQvV/OhHwnERE0R0oSHKlfwzJ44LDpo7gu+6Uhn/4crKQMlIo4AM/gqfBGRF0L8 +bNGUxvB/rcOXz5/Mpb4lM6/UxAYXp74Rv1FebrgmVh7V1s6FBWICYpJjSNnSC+T5 +LKJTT149MQdNW8RIvNXwZpj9hUUmS5hPoqwFoN/uTsmcLzzudJ1UgwPYQqG6V6HU +Q5OglOMMO8vr5gVzYBgygSUhVRSZK50OsnIxY3NalLIw5xYWTDNoy+aHqiDGnPEm +O/V2epsH99nAbFAE1hQGN+X8WBjVp8gpVp48/QOW6E4afm7jyarmP10azYbzF4I7 +/0yOa9IRhM42zMj+MYBDI/r+PIxXoKEeuQjBA6+PO2vLEuRqMZSGehfFn4C8vOBC +e1pX77fTDF+YcapOz7THJTOWVHvKkHlv+PDD553n0GdNeyB7ndCRT6ujopn6mnQ3 +M2QMv7aUP2JfpXYeYFTmvzoRW/C6YhIum5miN59MueiO0oEfDyYjO5o7aXAJ5K4F +ZQQ+VQZDH177LeYDtsTKR2bw0yugeehFpN+PMf1+Z8pQ4LCZnSxqFvA5Adp/12YV +0Zk713yKv7fUsdP74vx1gkf8lkJXzkrVEgeZW64awpjx+j2nGYh1yPqBYB8ZIQwl +hKHDiDCngNqFheFCmHY3q0h1YC0d+QVuBOIrzjd1FycNhxHWK/o3v7fj0pa52JIY +SgBFbZ3GINBrLO0zBgjXD1ZEXmifnyD8V6gnaMn19S5NCzypLpIr04ipGCckDzOQ +I7NBmVvsve+6W0q2qWy1pdRHHpznMgxymOeMpKpyjyuQXy0jv5lidUcvmnleS4qM +8ijfMFlrYkVLtuU5q3fwUUu3b0IKgafAyYrGCSroNTZTyVuT3KUeF7HMtBO1u7Df +uM1oihAYjN4HMzFoa/Rq3NAXEMQt7GZRwwGzKvAOucJNfI3Yq8B2ecrm/6Q22sGN +LhN9FSFyhq1LG3NPRi/6Hq7oj915bEZXCgXvEQSuoMUThmqjzJy3gO8YX2f3Q+/i +lE+FBi/RepcH7Yl9qh7gz1JjuSiVqm3K8iDC8weDxfSi7iBhiDQSYgVnjfKDJQua +iQ== +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem new file mode 100644 index 0000000..1e61500 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIV6+MM3EXFiACAggA +MBQGCCqGSIb3DQMHBAjsohDWEPj6zgSCBMgedcAX42Jx6DI9zhBX9GTM5t734KMA +5QsAoALazfaMdUZ2oULJJeFon4s497Wc8amj661+TkvhIJNi1zRZA1ZC1xphQDsr +yjJx8elNBHUvaJDKEE9aN+EEJ2+TkExTX6BAYeewNN0VgjV9Kpwy0ejD8gZZKBa0 +oGtmqCQTMrGdmKTuPa2H463oexgr+6futCbR/qxp9k/lRBGy6z7+sM7FvS9NVLN5 +gRrXjwFGA01Rb4Ch4ZmbU04EyJh+0EvjXC5e2t76GLp3EtjVpOuNuaZOiHQ7t/ah +xaU5fHwoBWwuXjZc2diFvcuNNnJ0e7K9AMkfIuk/Bn4wEyo8jSAZPzEzatZf6gxg +DoGkXaoB7Yf2+Mb0qg8IiMf/1IICHF046liDxNmnbAHOsREXJtwtV2H6gUuh+zX1 ++B/jwhAXt62FUwnd4WdCHyo4NjOBwQADibiTTcgvdnkn+XKYzyNii6RGjA95mpbp +loA71aV2QoBZH4bQ18YrCNshAf1tanZvxByjB/61IeMxz4m0BlwZbIT06rrpNLqh +k6w7wmW2sdgN9kWb772+zUJFahNmJU4qfr8Kg/NIvqj63HMXwgCfuGLI7vUFmmhp +dkqfadcu32XxitWYHZkvJPtCFb3AKcIR7OzWc117VuHu+kWSVhfst70LROSOXiwa +TajBA0P83LccmR6z67/JWRvQwDc9uF+6xVM3tZga+odi/Fee/N0c2yYqxlrebmqU +Qlp6xzjIrpTpwCBEBXgJQsv+kcIQIpDPhG8+y44OHBcHoGaDFVYX8KNcO98b1EYC +EW6cy6PrmaE5AkC+jlPPQqcTRJvCVeq3MIUmJg2M3ivsTdlSqbCVfnJgYTnGD9sS +pAtc1I+7OqOfp5jqHgCmnK0pdbmFLDuKJNuzNb356nNFA+CUejWzZGPth6pVFGyq +9234oSwUCjP3kKG89JVSEflvTAEsySWHO3Vs4lyu0/1Dd1k1Bfc6YYgGH0JiXvtf +y2Ys7u51m9NL4BgpbMvLpNmKvZlztJhGqw9Og1g/GdcURhqgajK8HGNJz1hpgzq5 +frlMKP8NnCwhID7IZzaQbcBMA9OUQds6XrB6Fd60vmTx4UMg6fIBCzLOR1lSmxcn +64QUkepM9+jBKlWla9MlMECB2csxdlRCpSYIdguyd+i0ftEmq1ZG77+c5/9LNFSh +SMDUJ5qg6UsFBVCmJezG0yrkPcTEmTQxAAcWN+C37cMq/3htAw3njfOGaiJliYUn +vKc4+yZH9PQxaZB+l2pVOjJYmetcmEDnfrrUVst+xzusVzT/IyYEyC+DTi3U2Suh +AOUoAZP2QnAEYRWsN4dcClKJt/fSBcQIIqYeljAxzi+DmxOBALHkuUd7AhozpV7P +3F0hHD2lD3/9ncIHjHZ+DshiWVmxgvPcKFi2spbeb/CBpJ7YmkFww7C9YOctP5eq +vIsesf2ZsGaKNbogfBRKuQP1o0FkWGqUnzVe0Ww56uGerz5EU+I/LecLAmS0e5jt +FtAlVXcRKo7UtXMJHekQRnF70xk9gYV3qZIP7bXDh01gX/TVEL7PHeBZBkej5Mrk +debSOuvlVxnnAYyreZl1MtnneT8L7nwi+lKRkq5aps82iUa2sKPgoFQODZrLBAyM +HOE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf new file mode 100644 index 0000000..effde23 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = pkinit@addom2.samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = pkinit@addom2.samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for pkinit@addom2.samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:pkinit@addom2.samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem new file mode 100644 index 0000000..a0b894c --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3DPbQ17VkSeVNdKGsuVwrLjPdAEsYE1nsiwt78QEU00Im85V +ynqrAildPSfuPqMjLj42jfHKj6dLi6k50zM50Ln0m8QULEFnvmoytoYNcA7rbLHR +75Jw7HBwLV9P6mw+n+6aETKTX7DjUSTiMwgi7mkHxhCiP0NnPAtIttGSmSLe/too +6RK6p9ZUdsQ8VqfJ5CgY/YmK6wJCiCdZYfW9Xw3rzoBKhCnlOJMd2QpQ4+ty7LJz +Fqt1Mzp0/Wy4qbkJwDAKdNQBPgAOic+Hqhn1e8QNT7HxQFlUZyiqyhh1fZbUTZnj +sYS852WA6vbdMM7PFGe1Jwlfg6WMh2KPWiLVdQIDAQABAoIBAHKz6HEtgx37enPw +2A10Cr9N/XI18kGv0GY1MTCF8KLbq7JNRs8UGuQjW9gxZp7mJ7s82PoTiypNQMLd +QavMMT+SveItvzxWTY4Yj5YYOgO3IdcawXqD06K15xkbXuuDuxNgHIz8xVvBLofk +KJfgkyGRQGVh4MIHgEz8q8HfZPezBGIxxfjXPkZ7NEJGcVUKyhSaEn0uJ2wcWkzf +eCx4ZNNp82MHR9OO7sMc87oJDKm38JbZPKnONU75L8Kjk+qBljCLNT71pqIFQfVD +QFUsGDLs2aBqsP/AZjeUX6+AinBV7CQ43EB4Y8t1U62k+AaNqocg+QjdspUGsTVd +V3XRxoECgYEA/6JFdxUnOtV0DRi/TGCN27nfASsa7JkVZLY+mJMBrPOKqK1IfXmC +isqykMY0NLKK5pgjQqWuoiri9uuzPNwK8OfNOvJUZAsElr4OlH15yz3vjG4Jr9Hx +EPIL1J95Nuo4mCtNx/DUHiDCWR5qvTXteKRa5Zb0FpT7BwSnzhC9KaUCgYEA3ISY +HOiXzWiEbG5cnklPGsnkfl5br77jFbFwu1HSO+pcDTRs4yRt9CSRvtv/f82yPVw1 +p7ZU4kqos2sSgdyqr/LYzRBXpcfK8yKZB0S1irNgS5G7FRgRj4MhnIfB8zwAmWAJ +TdIkiZHpP1LRs/A4EAveE3HbVkKR8CkgrMabE5ECgYEA9ONA5IkxIZ1mJT211LcS +bpGq3nWqv0kPQ4GKiaMakdJk3J3Tuc/zjH4Nfb9CN9FqWukXrjsGBnhLIPw+omix +WoLVCkknKwebB8VeNkXVrSvSFZc8VGAsLW2Sg8eZ2U+bk7q4Mne03H/JbpJC8qt8 +qHvaT+LCRffGWrzM/AzxCbkCgYEAu2wCsQdLBi0f59zA4VNjZVxU1Maz3KI79VMT +glHfgkcFJ7/4D/IFdeyi5vmqpWAZbqdxfvKsIIzd52hImZEIjXS0qU2LgP5XUuCD ++bZ/KbydSn046YvEWRpVtel4gZfs1m7WWYsSvM4D1Ws5ilrP+2tqu1IY3q7DxL/f +4pkGctECgYBa4TCPS3pxG6trEA5J2U4GaL5poK1MXXSd1CAkdij3npxYP2siRNz5 +SMA/TvJEA6wzhsbA6kqpESmPFim6IfywGdE6WbNu/dEA00EmLW+YeBGVBGVaUro4 +gz3ruHdztghRJFNrN4sjYGiPjKTG74U/aUNIGZXsxTJA8R8U0Y8KPw== +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 Binary files differnew file mode 100644 index 0000000..ea4d241 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem new file mode 100644 index 0000000..7c0934a --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-S08-req.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMSgwJgYDVQQDDB9wa2luaXRAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMS4wLAYJKoZIhvcNAQkBFh9wa2luaXRAYWRkb20yLnNhbWJhLmV4 +YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DPbQ17V +kSeVNdKGsuVwrLjPdAEsYE1nsiwt78QEU00Im85VynqrAildPSfuPqMjLj42jfHK +j6dLi6k50zM50Ln0m8QULEFnvmoytoYNcA7rbLHR75Jw7HBwLV9P6mw+n+6aETKT +X7DjUSTiMwgi7mkHxhCiP0NnPAtIttGSmSLe/too6RK6p9ZUdsQ8VqfJ5CgY/YmK +6wJCiCdZYfW9Xw3rzoBKhCnlOJMd2QpQ4+ty7LJzFqt1Mzp0/Wy4qbkJwDAKdNQB +PgAOic+Hqhn1e8QNT7HxQFlUZyiqyhh1fZbUTZnjsYS852WA6vbdMM7PFGe1Jwlf +g6WMh2KPWiLVdQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAFdpb3Rsn94pfog0 +u423+MP/Y3Kt/mjLUV++hmGzIi8rAFLAjQTSlM+uGF3895+kIzH9k+y0d8nYiN2n +GPhsj4KKKurtiAsykKdE3+da0sQ/DdL7FXq7AvjzQOcoUpU3tRncNApW8mD91Yuk +YpOMysX1PhNbUK8+E+jzP8lngs6cu5yKbeK8JF/0GI74XoCB4+oVKO23SgjXOrmw +4lDKMYD7L9+N8/a6g29JEhwjxx+BTKjwjehQlkO0zT2ZRzEGk9LPoJY8CWiS31l0 +FHlUhO+drJygaFDqSd82hmo6oBSO81evk3Vow7po/E9UGVJY2X9nfGXS9+HlV/kW +IYOVlmQ= +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem new file mode 120000 index 0000000..aa6521d --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-pkinit@addom2.samba.example.com-S08-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem new file mode 120000 index 0000000..3784f3f --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@addom2.samba.example.com/USER-pkinit@addom2.samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-pkinit@addom2.samba.example.com-S08-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.cer b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.cer Binary files differnew file mode 100644 index 0000000..9a8d7ae --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.cer diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.pem new file mode 100644 index 0000000..730b824 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-cert.pem @@ -0,0 +1,168 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=SambaState, L=SambaCity, O=SambaSelfTesting, OU=CA Administration, CN=CA of samba.example.com/emailAddress=ca-samba.example.com@samba.example.com + Validity + Not Before: Jun 3 19:30:29 2016 GMT + Not After : May 29 19:30:29 2036 GMT + Subject: C=US, ST=SambaState, O=SambaSelfTesting, OU=Users, CN=pkinit@samba.example.com/emailAddress=pkinit@samba.example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dd:c4:48:44:a5:e9:6b:b4:41:03:6a:dc:34:1f: + d6:41:ce:f7:cb:b2:44:a7:a3:0e:89:16:ff:0d:62: + 23:e0:8b:24:db:82:82:68:29:22:1b:57:44:12:c6: + ea:10:2d:6f:3a:4b:75:b1:2e:76:62:01:62:ff:ba: + 3d:67:e1:39:0d:12:38:b0:fc:b3:e5:0e:dd:77:73: + 2b:99:25:86:d5:15:84:08:be:b0:8b:38:d7:64:9d: + d6:e7:dc:4d:9a:fb:ea:17:41:bb:d1:cf:1a:b9:5b: + 0b:8a:e5:8c:5a:b7:2d:ab:bd:f7:c3:91:ae:26:c2: + e3:97:27:ea:3f:be:c9:22:af:d6:76:35:45:b0:72: + 86:f2:bd:bf:e2:d3:e3:e3:68:52:26:db:f0:a6:6a: + 0e:63:05:9b:17:6d:13:ee:c4:15:41:96:27:06:90: + fd:10:b5:f9:6c:74:be:b0:a8:bb:70:f7:a2:25:da: + f7:f1:91:c2:69:6c:40:c4:63:e8:06:83:e0:1d:b7: + 2b:29:d3:75:d1:df:c1:d2:90:af:b9:81:47:78:f3: + f1:1a:c9:20:e3:1b:6f:e4:fd:2e:0b:65:a7:6f:b1: + b2:a0:d3:e3:d2:2f:2b:ef:fd:01:5b:27:e7:1b:c1: + 0e:bc:bd:f0:7b:b2:34:a9:9b:4d:2c:c8:65:33:c8: + 33:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + Netscape Comment: + Smart Card Login Certificate for pkinit@samba.example.com + X509v3 Subject Key Identifier: + E9:67:66:B8:3D:F1:39:AB:1A:4D:00:9D:EC:CE:FF:4B:50:D8:5D:A2 + X509v3 Authority Key Identifier: + keyid:A2:3E:02:2A:A3:A7:4D:39:B4:08:4D:99:CC:0C:75:36:EA:27:C3:3E + + X509v3 Subject Alternative Name: + email:pkinit@samba.example.com, othername:<unsupported> + X509v3 Issuer Alternative Name: + email:ca-samba.example.com@samba.example.com + Netscape CA Revocation Url: + http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + X509v3 Extended Key Usage: + TLS Web Client Authentication, scardLogin + Signature Algorithm: sha256WithRSAEncryption + 88:3e:f3:98:08:ef:cd:53:3a:07:d5:1c:fd:26:7c:f1:96:2e: + b9:06:87:f2:5b:e2:be:d1:04:6e:38:59:14:49:9d:46:ef:7e: + 6c:08:02:3e:18:09:09:61:a8:1d:a9:da:59:40:58:5f:d2:ca: + 4f:76:0e:7e:01:db:05:03:fb:78:c7:89:86:aa:1b:dc:02:bb: + 86:a5:02:7c:01:54:dd:ad:e0:43:c5:d9:ec:86:c2:47:b5:5a: + 1c:8c:06:0e:fe:11:ad:a5:57:37:f5:0a:35:65:a4:f2:27:14: + 2f:bf:53:48:66:e1:da:b9:58:95:a2:d1:95:9c:ae:0a:ca:29: + a6:ef:7a:58:74:86:40:ea:2a:c6:18:9f:1a:d9:70:e2:a8:aa: + 8d:f1:22:bf:b6:e4:61:d4:21:ee:bf:17:e1:aa:d1:cf:0b:35: + 82:c7:3f:a1:be:d1:a5:bd:4e:04:0d:cf:11:2d:d6:0c:7e:47: + 5c:5e:84:d2:10:60:7e:97:d7:52:be:a1:cd:2d:85:da:b2:dd: + 68:88:12:a4:88:5f:16:0c:ae:6f:60:7f:da:58:5f:91:bd:8d: + 15:20:c2:74:94:0b:93:65:80:7c:77:15:a2:70:bb:98:be:41: + 1a:2e:c5:78:52:64:e7:44:03:3f:64:97:10:a9:1b:17:f3:79: + f9:51:0c:4c:58:e7:03:e7:bb:fd:34:ff:c0:4a:ad:b1:7a:ba: + 97:3c:f8:e0:9e:30:3d:e7:5f:be:ac:6a:b3:c1:1e:50:7c:cd: + ce:18:bd:96:73:fb:9c:90:e7:ae:e0:be:c5:65:29:9a:1c:da: + c3:64:2a:99:dc:93:61:32:9a:70:1a:45:83:72:38:0f:57:de: + 0d:f5:64:71:97:de:b5:64:99:43:30:6d:3f:25:82:b5:3e:a1: + ba:39:d2:fc:b8:df:7e:57:da:fc:be:c2:84:2e:99:41:52:a2: + 18:f4:99:c7:e2:b9:af:2a:84:32:5c:cb:ba:26:86:6b:8e:58: + 30:d8:4f:5b:60:34:fd:30:de:c5:a0:7a:8c:e7:34:2b:bc:81: + 6d:4c:a8:b5:ba:b5:52:b9:42:e5:d8:7e:be:31:a3:8e:b0:c3: + f6:16:28:92:e7:9d:3f:c8:cf:a0:4a:b0:3a:ae:75:59:ab:19: + 91:e4:2e:76:57:3f:58:88:5f:2e:7b:c5:8f:11:25:0f:cd:8f: + e3:91:80:2f:d4:7b:5a:80:c3:c9:7c:0a:aa:01:bf:5c:8c:0e: + 57:84:bf:72:ad:7b:0a:b9:95:27:0f:aa:9b:96:08:8e:bb:63: + 56:5a:1d:ad:0c:5b:1c:04:38:ae:2b:88:d4:d1:68:20:f2:a0: + 9b:77:9c:95:db:17:cb:cf:79:4a:13:66:c9:34:36:f6:c6:f9: + 8b:4b:92:5e:59:a3:5d:75:4e:fa:f2:fa:d5:d9:66:80:82:a4: + 8d:e2:d8:b6:ed:c5:a3:ca:a2:70:64:9c:b9:1c:49:b2:2f:46: + b3:13:3b:88:a7:5a:8e:22:b7:90:f5:74:27:21:06:a4:94:bb: + b1:cb:e7:e4:92:f0:e9:80:15:94:82:1a:97:34:d0:cf:aa:37: + b1:27:a5:38:39:7c:8d:ba:a1:12:dd:30:48:44:90:0c:35:0f: + cc:e6:13:e7:c9:06:36:1d:b0:c9:be:28:0f:47:1c:b0:47:a3: + 20:d1:bb:a1:85:1a:80:c2:9b:70:61:9f:a7:82:46:3c:80:28: + 0c:17:f6:fc:75:83:be:ff:5c:da:bc:be:2c:65:a6:c0:fc:c1: + 32:ae:9a:bf:d1:7c:fb:b3:26:3b:77:03:fe:a9:e9:ae:4c:72: + 58:a9:6e:ce:ad:c0:1f:30:b2:06:32:65:af:5f:db:3d:2b:ab: + c5:46:5c:0a:df:50:b5:7e:31:c8:b0:7e:50:e2:aa:d8:01:8e: + ea:e7:3c:8b:90:73:de:77:9f:47:ea:af:16:0d:a5:c0:89:6f: + 86:a4:84:f7:1f:03:fd:7d:f8:a8:7d:9c:9a:f1:13:c8:d5:5b: + 9c:2f:71:c1:c0:c2:17:89:39:6d:28:2d:20:31:ca:60:cf:7f: + 78:42:5c:a3:28:76:19:a8:ca:e6:07:22:6d:7f:04:b1:20:ab: + 70:40:33:e9:a3:fa:da:b5:7c:ee:70:0b:c6:a2:6a:90:1a:10: + fe:8a:9b:56:5c:44:85:f1:b4:41:67:0b:c1:a3:68:2f:ff:b1: + 48:f3:38:4b:28:4e:52:36:0c:9b:37:aa:7e:82:63:c3:61:33: + a9:05:b3:af:13:07:b3:9e:4d:4c:3c:c4:47:34:ce:f3:6e:55: + 69:d7:af:dc:e4:82:34:9b:fe:cc:d9:db:1f:08:3e:3c:3a:9b: + ac:a7:7e:61:3f:5f:01:0c:d8:f3:63:31:31:07:e2:05:84:30: + 65:f4:b0:a6:cc:ad:63:fe:06:db:d7:e9:2f:9d:db:2c:64:af: + d6:d1:cc:9e:c3:11:09:ad:7d:e2:06:6d:21:ad:a5:4f:a6:87: + 9b:ee:db:6c:e9:69:a7:6a:eb:93:67:e2:e9:6f:23:f8:2e:95: + 78:5f:a8:66:ae:7e:2c:5e:6b:07:3e:02:ad:20:af:61:9c:0e: + 1d:c6:7a:31:5a:33:bd:61:1a:67:5b:a9:42:3c:17:67:f8:dd: + 80:e3:ab:62:a0:42:53:33:1f:f7:79:ea:32:d1:26:dd:bb:c6: + 26:aa:2c:ac:16:7e:24:b4:ae:7d:ce:77:e8:5f:2d:97 +-----BEGIN CERTIFICATE----- +MIII2jCCBMKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMClNhbWJhU3RhdGUxEjAQBgNVBAcMCVNhbWJhQ2l0eTEZMBcGA1UE +CgwQU2FtYmFTZWxmVGVzdGluZzEaMBgGA1UECwwRQ0EgQWRtaW5pc3RyYXRpb24x +IDAeBgNVBAMMF0NBIG9mIHNhbWJhLmV4YW1wbGUuY29tMTUwMwYJKoZIhvcNAQkB +FiZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5leGFtcGxlLmNvbTAeFw0xNjA2 +MDMxOTMwMjlaFw0zNjA1MjkxOTMwMjlaMIGZMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKU2FtYmFTdGF0ZTEZMBcGA1UECgwQU2FtYmFTZWxmVGVzdGluZzEOMAwGA1UE +CwwFVXNlcnMxITAfBgNVBAMMGHBraW5pdEBzYW1iYS5leGFtcGxlLmNvbTEnMCUG +CSqGSIb3DQEJARYYcGtpbml0QHNhbWJhLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cRIRKXpa7RBA2rcNB/WQc73y7JEp6MOiRb/ +DWIj4Isk24KCaCkiG1dEEsbqEC1vOkt1sS52YgFi/7o9Z+E5DRI4sPyz5Q7dd3Mr +mSWG1RWECL6wizjXZJ3W59xNmvvqF0G70c8auVsLiuWMWrctq733w5GuJsLjlyfq +P77JIq/WdjVFsHKG8r2/4tPj42hSJtvwpmoOYwWbF20T7sQVQZYnBpD9ELX5bHS+ +sKi7cPeiJdr38ZHCaWxAxGPoBoPgHbcrKdN10d/B0pCvuYFHePPxGskg4xtv5P0u +C2Wnb7GyoNPj0i8r7/0BWyfnG8EOvL3we7I0qZtNLMhlM8gzFwIDAQABo4IB/DCC +AfgwCQYDVR0TBAIwADBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vd3d3LnNhbWJh +LmV4YW1wbGUuY29tL2NybHMvQ0Etc2FtYmEuZXhhbXBsZS5jb20tY3JsLmNybDAR +BglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMEgGCWCGSAGG+EIBDQQ7FjlT +bWFydCBDYXJkIExvZ2luIENlcnRpZmljYXRlIGZvciBwa2luaXRAc2FtYmEuZXhh +bXBsZS5jb20wHQYDVR0OBBYEFOlnZrg98TmrGk0AnezO/0tQ2F2iMB8GA1UdIwQY +MBaAFKI+Aiqjp005tAhNmcwMdTbqJ8M+ME0GA1UdEQRGMESBGHBraW5pdEBzYW1i +YS5leGFtcGxlLmNvbaAoBgorBgEEAYI3FAIDoBoMGHBraW5pdEBzYW1iYS5leGFt +cGxlLmNvbTAxBgNVHRIEKjAogSZjYS1zYW1iYS5leGFtcGxlLmNvbUBzYW1iYS5l +eGFtcGxlLmNvbTBNBglghkgBhvhCAQQEQBY+aHR0cDovL3d3dy5zYW1iYS5leGFt +cGxlLmNvbS9jcmxzL0NBLXNhbWJhLmV4YW1wbGUuY29tLWNybC5jcmwwHwYDVR0l +BBgwFgYIKwYBBQUHAwIGCisGAQQBgjcUAgIwDQYJKoZIhvcNAQELBQADggQBAIg+ +85gI781TOgfVHP0mfPGWLrkGh/Jb4r7RBG44WRRJnUbvfmwIAj4YCQlhqB2p2llA +WF/Syk92Dn4B2wUD+3jHiYaqG9wCu4alAnwBVN2t4EPF2eyGwke1WhyMBg7+Ea2l +Vzf1CjVlpPInFC+/U0hm4dq5WJWi0ZWcrgrKKabvelh0hkDqKsYYnxrZcOKoqo3x +Ir+25GHUIe6/F+Gq0c8LNYLHP6G+0aW9TgQNzxEt1gx+R1xehNIQYH6X11K+oc0t +hdqy3WiIEqSIXxYMrm9gf9pYX5G9jRUgwnSUC5NlgHx3FaJwu5i+QRouxXhSZOdE +Az9klxCpGxfzeflRDExY5wPnu/00/8BKrbF6upc8+OCeMD3nX76sarPBHlB8zc4Y +vZZz+5yQ567gvsVlKZoc2sNkKpnck2EymnAaRYNyOA9X3g31ZHGX3rVkmUMwbT8l +grU+obo50vy4335X2vy+woQumUFSohj0mcfiua8qhDJcy7omhmuOWDDYT1tgNP0w +3sWgeoznNCu8gW1MqLW6tVK5QuXYfr4xo46ww/YWKJLnnT/Iz6BKsDqudVmrGZHk +LnZXP1iIXy57xY8RJQ/Nj+ORgC/Ue1qAw8l8CqoBv1yMDleEv3Ktewq5lScPqpuW +CI67Y1ZaHa0MWxwEOK4riNTRaCDyoJt3nJXbF8vPeUoTZsk0NvbG+YtLkl5Zo111 +Tvry+tXZZoCCpI3i2LbtxaPKonBknLkcSbIvRrMTO4inWo4it5D1dCchBqSUu7HL +5+SS8OmAFZSCGpc00M+qN7EnpTg5fI26oRLdMEhEkAw1D8zmE+fJBjYdsMm+KA9H +HLBHoyDRu6GFGoDCm3Bhn6eCRjyAKAwX9vx1g77/XNq8vixlpsD8wTKumr/RfPuz +Jjt3A/6p6a5Mclipbs6twB8wsgYyZa9f2z0rq8VGXArfULV+MciwflDiqtgBjurn +PIuQc953n0fqrxYNpcCJb4akhPcfA/19+Kh9nJrxE8jVW5wvccHAwheJOW0oLSAx +ymDPf3hCXKModhmoyuYHIm1/BLEgq3BAM+mj+tq1fO5wC8aiapAaEP6Km1ZcRIXx +tEFnC8GjaC//sUjzOEsoTlI2DJs3qn6CY8NhM6kFs68TB7OeTUw8xEc0zvNuVWnX +r9zkgjSb/szZ2x8IPjw6m6ynfmE/XwEM2PNjMTEH4gWEMGX0sKbMrWP+BtvX6S+d +2yxkr9bRzJ7DEQmtfeIGbSGtpU+mh5vu22zpaadq65Nn4ulvI/gulXhfqGaufixe +awc+Aq0gr2GcDh3GejFaM71hGmdbqUI8F2f43YDjq2KgQlMzH/d56jLRJt27xiaq +LKwWfiS0rn3Od+hfLZc= +-----END CERTIFICATE----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-key.pem new file mode 100644 index 0000000..44f2dca --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI3lMKoRxwFl4CAggA +MBQGCCqGSIb3DQMHBAh3N+m1jtZvYgSCBMjc0ubJOkfSna22cqDmoGRkN/3T/nfk +zjaeXgq95J/FKJjrDL8t+ywAM/Xrs5CIRraaiJQ2ddYy6ViaKsoK00lVxx1zelFA +7HZke3gXQnmJEXxnb2cCJhYwX5ElT/QoSgxh9cLuLnw/4HVp4K0wCAjmCkYtCc32 +HvqCJJU2Gj97rVMr43jz/GISBKdFtzBSP059SRNgutczONs4zBV3YZNYMOO+GZWF +Gt46vy0rzEgEku9PdNSBG48j2VCidj6VzJSDzrS8gMcNVd65quzCoCLoaUZ+Xgf0 +T28rwElhRe0Khji1fW2KyeyMNwtivKZPVOzOkS4gdmRZq64WdZBSC0yL4VepXXML +wUtPORgYZ0VkkLZHJ5exLQJESQz68CX9kiryoZgDbZMcYzDBI4lkFwtqRTKRbmM+ +K4VPVxqWREAmnMPBfdDBRKi0yml2Y53Eq5PAhCqkhbFe5JiZ5OGlwGY+zPiFZ+65 +EYHTcjCW1NIY1GTKYp7AYQ0JX4tNqFQon+9GLmowODQeW0DkcCKabHNTNUnCwW0d +qxyzC+gUEMCas1ZjVlkxeTEzYm7820DierzEc2pdvWRm6p8EHlFOboD65HpxpG4h +wYbe2ctNoB0gpaFDgaEsECxJ6ZxkMk2x39UPlAawkVshGs9W8StIxHgSUv4H9T/S +9SAiQKQOGOpyj0V+zfq6IW/XXK+lbV5CRSYwSAmC1JuEeR8Hy6guPmjNC4Otp/5j +NjiYDHWtQKvnYJDZOZraW1QqHlrwB6SNt3EAWYHR+d/OOPedeUh/WvtT7brnPu1Z +fQPkQLJtKyvG6rkNvAJl3Zl67cz3D3G1J/MSpFXc4dUcTKfldR5uSQSpVqFEWqmw +hgBxsv7OI0c/NMFt1JmUpQTMxhFqLKCjwVI9LZgJfl+EFPI5PCJY7mHBMfhDgZek +epAS7V+zaVOXZw41unk8HGgTx+u64g5cM8QEfs23RSu8t2122p7q4n1qgZ9pWtQZ +hwxhqvI4I4fnFVqgBRih9xQ3Vg/jCCtRLEPtrtlYYHGhejZ+6oSNN11aacOoVoBj +15rdwA45ch/W62ktHwvjoE8welXUOmjLLYh3zZH0tqdwOMDv0MRAjC0k4tACYClC +TqHipCjqead5vZRM40hCzE70AB4pLm6utAseJb8C/EweqlbhBaYqqPFZo/GdqD8s +9hQ3NU29ynrtIeuj359y9gLQU4Tc+dU8f6bxTE5IKrTwk552695lODKb5R4J1rN9 +weY1fcXWCHPiVJhmFnWo11nNPt7vS+m0eUCVdAAOdPoZwBLswTD6wCxquXXLi7wR +1a4vA8inf/nV+8kHebyhrQdS3uekqQZbPbfE545csLXnJdb+N418q/Vxw9lIH+N0 +90GeOdWGM34fXRzrPFlDSW5IhKDSR8+4tU71Fq4kwI1Z1AFN4oJUgcRRNm/fdd3w +V1PLnYYpTIFpunuerCDqYtHiIh2uwtWUWzPgIK7mm/UV5VSDsWTYktPlkTxEAwzm +ktuharKIvzLA13p5PXBHpjv27wJjgs6kPuWgBpG1IosC4nDq2355lBLqFSgK1pUt +Px6tls4RkaOTk8+t6J6W2ZeaF4Nu7kG6qnTqUuBkshcqcS3A53i2m0O/ug7n3vfU +QHM= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-openssl.cnf b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-openssl.cnf new file mode 100644 index 0000000..3ece25f --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-openssl.cnf @@ -0,0 +1,242 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = http://www.samba.example.com/crls/CA-samba.example.com-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = CA-samba.example.com # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-samba.example.com-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-samba.example.com-cert.pem # The CA certificate +serial = $dir/Private/CA-samba.example.com-serial.txt # The current serial number +crlnumber = $dir/Private/CA-samba.example.com-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-samba.example.com-crl.pem # The current CRL +crl = $dir/Public/CA-samba.example.com-crl.crl # The current CRL +private_key = $dir/Private/CA-samba.example.com-private-key.pem # The private key +RANDFILE = $dir/Private/CA-samba.example.com.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = SambaState + +localityName = Locality Name (eg, city) +localityName_default = SambaCity + +organizationName = Organization Name (eg, company) +organizationName_default = SambaSelfTesting + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = Users + +commonName = Common Name (eg, YOUR name) +commonName_default = pkinit@samba.example.com +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = pkinit@samba.example.com +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for pkinit@samba.example.com" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:pkinit@samba.example.com + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private-key.pem new file mode 100644 index 0000000..5492ba3 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA3cRIRKXpa7RBA2rcNB/WQc73y7JEp6MOiRb/DWIj4Isk24KC +aCkiG1dEEsbqEC1vOkt1sS52YgFi/7o9Z+E5DRI4sPyz5Q7dd3MrmSWG1RWECL6w +izjXZJ3W59xNmvvqF0G70c8auVsLiuWMWrctq733w5GuJsLjlyfqP77JIq/WdjVF +sHKG8r2/4tPj42hSJtvwpmoOYwWbF20T7sQVQZYnBpD9ELX5bHS+sKi7cPeiJdr3 +8ZHCaWxAxGPoBoPgHbcrKdN10d/B0pCvuYFHePPxGskg4xtv5P0uC2Wnb7GyoNPj +0i8r7/0BWyfnG8EOvL3we7I0qZtNLMhlM8gzFwIDAQABAoIBAQCgUBQuDAIBafzV +i5pD0//+8q8PAX+/74/Cam1WL2vgFrY+OMosog+V1C/RoxnxN+cALSyXOQ87KeV3 +GBrrzVSArnts9kDVhTlz8D3EJ+ygfT1FVRQqkJykj7WbRxaSwykmRs6PjTe0Zqyh +a+9aZLEPRfSl29oZCymbS697BWBBQaKT/KKbVct9ViJhr8LjXjRYu1HGJuBY/kl4 +NFJFnmgL9KDlbkh9kNxVdLU1P4Ln9Yur13aV2OnVKkbgeTxFSsQrQbnyRjjtEtpE +ePTimmtbE8Epvd8BM8Pq1geD7NlBH1+Nmi+1mD3r0YNqnvRcqCpEWDS9dL/Mgs4B +/OgjX90BAoGBAP1VQLWZBgy1aSu7AIUtdAFsxmU6ecjh4ISczoHOe7b6xITEWYtB +S3ai7gA0+g/iPiKzIAVmyI5/pWBa/h8UnMFm5UoZYSBtI2o8nRAxMnlXJ3Ny7OM5 +QBluT0uEKtj7N/KEpbe61hNH7sVoyq+RJgGCGq9bbxZjAdlqgdkN0w7ZAoGBAOAZ +9N+Aru0f1vU0b9U6Dh/XTvtgOFd9AJbrXyQZRqbYQguYgWB0aZfDH3TarGDRbIf/ +/Alhoo7gatIstDgjDxk8GuhOFvlimNrf8RC6oTXDvPLnwekdAL7/fMOyFsTegxWL +1J305SNa8FL3G0Fr2HxCUa0UoCk/wVau78atpvtvAoGAEYmqXigG1DBm5IEgqxeX +dVXLckyXC8IfYe7dGP1rcSJxImPZcxuFFuR2p4sDWMAn3w0ZhWY1MjBCCaai+xHZ +PEZcT0HsiGslzX/+u5U8UkwnTgXBwoU/G8OYN7khoj3aBK8MLekAUvti20XC6l6Z +C/eu0z74NMuL4DpQXO9pEhkCgYBNtfKKRo9iPvZFlWdqY3VeaUVEOjuPaxN3Qit9 +0x4C4V8Vsk666eNr8wfHd8Tq1fRyvLvjbO336a5hL4tXJCEqOQODpwCkfiJPU/S+ +PlmE0VmGSgOeGKaXlPToz6rBnf+KyzBxjeifd/t6aaIT75fkjwLPqCVZ6Hfc3VDc +bn9HFQKBgF8+kghkOG15fchOAaqRq+nqmfJNKQPf9VxGBF+LPaXJdK1XOjnfUIxd +wVkPpic5HfAbZfYCChSPYWV07s3V7Muqz5mJ/TxijMVjLwRZQqcXNqA9rufoaz7i +3lHgGTaPLBVnz06lPMHTuyXid+QK3xHsFeT+NQ2NSfRucTCTnSJ3 +-----END RSA PRIVATE KEY----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private.p12 b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private.p12 Binary files differnew file mode 100644 index 0000000..f83f831 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-private.p12 diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-req.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-req.pem new file mode 100644 index 0000000..72e7383 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-S04-req.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC8zCCAdsCAQAwga0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTYW1iYVN0YXRl +MRIwEAYDVQQHDAlTYW1iYUNpdHkxGTAXBgNVBAoMEFNhbWJhU2VsZlRlc3Rpbmcx +DjAMBgNVBAsMBVVzZXJzMSEwHwYDVQQDDBhwa2luaXRAc2FtYmEuZXhhbXBsZS5j +b20xJzAlBgkqhkiG9w0BCQEWGHBraW5pdEBzYW1iYS5leGFtcGxlLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3ESESl6Wu0QQNq3DQf1kHO98uy +RKejDokW/w1iI+CLJNuCgmgpIhtXRBLG6hAtbzpLdbEudmIBYv+6PWfhOQ0SOLD8 +s+UO3XdzK5klhtUVhAi+sIs412Sd1ufcTZr76hdBu9HPGrlbC4rljFq3Lau998OR +ribC45cn6j++ySKv1nY1RbByhvK9v+LT4+NoUibb8KZqDmMFmxdtE+7EFUGWJwaQ +/RC1+Wx0vrCou3D3oiXa9/GRwmlsQMRj6AaD4B23KynTddHfwdKQr7mBR3jz8RrJ +IOMbb+T9Lgtlp2+xsqDT49IvK+/9AVsn5xvBDry98HuyNKmbTSzIZTPIMxcCAwEA +AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAS1xXnu2962UGX+uGRd546a81d3UBr6fbe +0fFemBBdXqLcOS7dIksjrn0Nuf+L9RFBFX8J+j5W769GvbctoVriuyC6BUU6UmKd +WMUgg6DpqhqOUW9Ze7bnHJc7JKwsgUQCmK1lEveS2ZyA9eUMOB4Wt6w+Fa4aJ51u +vm590qbs5gmeWHMTE7svG0oxwoT0bhT95sKSlfbuMM5v9XS72ZNkkcmmg/i0/Kpw +XXevmng9bVtZS4ajyGyFMQ45u5OauJwYJDFOjOqzo+YyglCyyrj5XJBYy7aajRPz +Bre7Pub8WwLFJyw6Chc++8VSgqBXN57RS64eSY58ChNyQYcj8vB2 +-----END CERTIFICATE REQUEST----- diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-cert.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-cert.pem new file mode 120000 index 0000000..e8fe413 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-cert.pem @@ -0,0 +1 @@ +USER-pkinit@samba.example.com-S04-cert.pem
\ No newline at end of file diff --git a/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-private-key.pem b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-private-key.pem new file mode 120000 index 0000000..53e9e41 --- /dev/null +++ b/selftest/manage-ca/CA-samba.example.com/Users/pkinit@samba.example.com/USER-pkinit@samba.example.com-private-key.pem @@ -0,0 +1 @@ +USER-pkinit@samba.example.com-S04-private-key.pem
\ No newline at end of file diff --git a/selftest/manage-ca/manage-CA-samba.example.com.cnf b/selftest/manage-ca/manage-CA-samba.example.com.cnf new file mode 100644 index 0000000..65c9b95 --- /dev/null +++ b/selftest/manage-ca/manage-CA-samba.example.com.cnf @@ -0,0 +1,21 @@ +# +# All passwords are "1234" +# + +CRL_HTTP_BASE="http://www.samba.example.com/crls" +CRL_SSH_BASE="none@samba.example.com:/none/crls" +DNS_DOMAIN="samba.example.com" + +CA_BITS="8192" +DC_BITS="4096" +USER_BITS="2048" +# 20 years should be enough +CA_DAYS="7300" +CRL_DAYS="7300" +DC_DAYS="7300" +USER_DAYS="7300" + +COUNTRY_NAME="US" +STATE_NAME="SambaState" +LOCALITY_NAME="SambaCity" +ORGANIZATION_NAME="SambaSelfTesting" diff --git a/selftest/manage-ca/manage-CA-samba.example.com.sh b/selftest/manage-ca/manage-CA-samba.example.com.sh new file mode 100644 index 0000000..12762fe --- /dev/null +++ b/selftest/manage-ca/manage-CA-samba.example.com.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# + +set -e +set -u +set -x + +# +# All passwords are "1234" +# + +# DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf init_ca +# DONE # +# DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_dc localdc.samba.example.com 0123456789ABCDEF +# DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user administrator@samba.example.com +# DONE # +# DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_dc addc.addom.samba.example.com 0123456789ABCDEF +# DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user administrator@addom.samba.example.com + +# DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user pkinit@samba.example.com +# DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user pkinit@addom.samba.example.com + +#DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_dc addcsmb1.addom2.samba.example.com 0123456789ABCDEF +#DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user administrator@addom2.samba.example.com +#DONE # ./manage-ca.sh manage-CA-samba.example.com.cnf create_user pkinit@addom2.samba.example.com diff --git a/selftest/manage-ca/manage-ca.sh b/selftest/manage-ca/manage-ca.sh new file mode 100755 index 0000000..8e09a93 --- /dev/null +++ b/selftest/manage-ca/manage-ca.sh @@ -0,0 +1,387 @@ +#!/bin/bash +# + +set -e +set -u +#set -x + +umask 022 + +function print_usage() +{ + echo "Usage:" + echo "" + echo "${0} <CNF_FILE> <CMD> [<ARG1> [<ARG2>]]" + echo "" + echo "${0} <CNF_FILE> init_ca" + echo "${0} <CNF_FILE> update_crl" + echo "${0} <CNF_FILE> publish_crl" + echo "${0} <CNF_FILE> create_dc <DC_DNS_NAME> <DC_OBJECTGUID_HEX>" + echo "${0} <CNF_FILE> revoke_dc <DC_DNS_NAME> <REVOKE_RESON>" + echo "${0} <CNF_FILE> create_user <USER_PRINCIPAL_NAME>" + echo "${0} <CNF_FILE> revoke_user <USER_PRINCIPAL_NAME> <REVOKE_RESON>" + echo "" +} + +function check_arg() +{ + local k="${1}" + local v="${2}" + + test -n "${v}" || { + print_usage + echo "ERROR: CMD[${CMD}] argument <${k}> missing" + return 1 + } + + return 0 +} +CNF="${1-}" +test -n "${CNF}" || { + print_usage + echo "ERROR: speficy <CNF_FILE> see manage-ca.templates.d/manage-CA-example.com.cnf" + exit 1 +} +test -e "${CNF}" || { + print_usage + echo "ERROR: CNF_FILE[${CNF}] does not exist" + exit 1 +} +CMD="${2-}" +CMDARG1="${3-}" +CMDARG2="${4-}" + +TEMPLATE_DIR="manage-ca.templates.d" +DEFAULT_VARS="" +DEFAULT_VARS="${DEFAULT_VARS} CRL_HTTP_BASE DNS_DOMAIN DEFAULT_BITS" +DEFAULT_VARS="${DEFAULT_VARS} DEFAULT_BITS DEFAULT_DAYS DEFAULT_CRL_DAYS" +DEFAULT_VARS="${DEFAULT_VARS} COUNTRY_NAME STATE_NAME LOCALITY_NAME ORGANIZATION_NAME" +DEFAULT_VARS="${DEFAULT_VARS} ORGANIZATIONAL_UNIT_NAME COMMON_NAME EMAIL_ADDRESS" + +source "${CNF}" + +DEFAULT_BITS=${DEFAULT_BITS:=8192} +CA_BITS=${CA_BITS:=${DEFAULT_BITS}} +DC_BITS=${DC_BITS:=${DEFAULT_BITS}} +USER_BITS=${USER_BITS:=${DEFAULT_BITS}} + +CA_DAYS=${CA_DAYS:=3650} +CRL_DAYS=${CRL_DAYS:=30} +DC_DAYS=${DC_DAYS:=730} +USER_DAYS=${USER_DAYS:=730} + +CA_DIR="CA-${DNS_DOMAIN}" +DEFAULT_VARS="${DEFAULT_VARS} CA_DIR" + +CACERT_PEM="${CA_DIR}/Public/CA-${DNS_DOMAIN}-cert.pem" +CACERT_CER="${CA_DIR}/Public/CA-${DNS_DOMAIN}-cert.cer" +CACRL_PEM="${CA_DIR}/Public/CA-${DNS_DOMAIN}-crl.pem" +CACRL_CRL="${CA_DIR}/Public/CA-${DNS_DOMAIN}-crl.crl" +CA_SERIAL="${CA_DIR}/Private/CA-${DNS_DOMAIN}-serial.txt" + +function generate_from_template() +{ + local base_template="${TEMPLATE_DIR}/$1" + local cmd_template="${TEMPLATE_DIR}/$2" + local cnf_file="$3" + shift 3 + local vars="$@" + + test -f "${base_template}" || { + echo "base_template[${base_template}] does not exists" + return 1 + } + test -f "${cmd_template}" || { + echo "cmd_template[${cmd_template}] does not exists" + return 1 + } + test -e "${cnf_file}" && { + echo "cnf_file[${cnf_file}] already exists" + return 1 + } + + local sedargs="" + for k in $vars; do + v=$(eval echo "\${${k}}") + sedargs="${sedargs} -e 's!@@${k}@@!${v}!g'" + done + + #echo "sedargs[${sedargs}]" + cat "${base_template}" "${cmd_template}" | eval sed ${sedargs} > "${cnf_file}" + grep '@@' "${cnf_file}" | wc -l | grep -q '^0' || { + echo "invalid context in cnf_file[${cnf_file}]" + grep '@@' "${cnf_file}" + return 1 + } + + return 0 +} + +case "${CMD}" in +init_ca) + test -e "${CA_DIR}" && { + echo "CA with CA_DIR[${CA_DIR}] already exists" + exit 1 + } + + OPENSSLCNF="${CA_DIR}/Private/CA-${DNS_DOMAIN}-openssl.cnf" + CA_INDEX="${CA_DIR}/Private/CA-${DNS_DOMAIN}-index.txt" + CA_CRLNUMBER="${CA_DIR}/Private/CA-${DNS_DOMAIN}-crlnumber.txt" + PRIVATEKEY="${CA_DIR}/Private/CA-${DNS_DOMAIN}-private-key.pem" + + ORGANIZATIONAL_UNIT_NAME="CA Administration" + COMMON_NAME="CA of ${DNS_DOMAIN}" + EMAIL_ADDRESS="ca-${DNS_DOMAIN}@${DNS_DOMAIN}" + + DEFAULT_BITS="${CA_BITS}" + DEFAULT_DAYS="1" + DEFAULT_CRL_DAYS="${CRL_DAYS}" + + mkdir -p "${CA_DIR}/"{,Public} + umask 077 + mkdir -p "${CA_DIR}/"{,Private,NewCerts,DCs,Users} + umask 022 + touch "${CA_INDEX}" + echo "00" > "${CA_SERIAL}" + echo "00" > "${CA_CRLNUMBER}" + + generate_from_template \ + "openssl-BASE-template.cnf" \ + "openssl-CA-template.cnf" \ + "${OPENSSLCNF}" \ + ${DEFAULT_VARS} + openssl req -new -x509 -sha256 -extensions v3_ca -days "${CA_DAYS}" -keyout "${PRIVATEKEY}" -out "${CACERT_PEM}" -config "${OPENSSLCNF}" + openssl x509 -in "${CACERT_PEM}" -inform PEM -out "${CACERT_CER}" -outform DER + echo -n "Generate CRL [ENTER] to continue" + read + openssl ca -config "${OPENSSLCNF}" -gencrl -out "${CACRL_PEM}" + openssl crl -in "${CACRL_PEM}" -inform PEM -out "${CACRL_CRL}" -outform DER + ls -la "${CA_DIR}"/Public/CA-* + echo "Please run: '${0} ${CNF} publish_crl'" + exit 0 + ;; +update_crl) + test -e "${CA_DIR}" || { + echo "CA with CA_DIR[${CA_DIR}] does not exists" + exit 1 + } + + OPENSSLCNF="${CA_DIR}/Private/CA-${DNS_DOMAIN}-openssl.cnf" + openssl ca -config "${OPENSSLCNF}" -gencrl -out "${CACRL_PEM}" + openssl crl -in "${CACRL_PEM}" -inform PEM -out "${CACRL_CRL}" -outform DER + ls -la "${CACRL_PEM}" "${CACRL_CRL}" + echo "Please run: '${0} ${CNF} publish_crl'" + exit 0 + ;; +publish_crl) + test -e "${CA_DIR}" || { + echo "CA with CA_DIR[${CA_DIR}] does not exists" + exit 1 + } + + echo "Upload ${CACRL_CRL} to ${CRL_SSH_BASE}/" + rsync -a -P "${CACRL_CRL}" "${CRL_SSH_BASE}/" + echo "Check ${CRL_HTTP_BASE}/CA-${DNS_DOMAIN}-crl.crl" + exit 0 + ;; +create_dc) + test -e "${CA_DIR}" || { + echo "CA with CA_DIR[${CA_DIR}] does not exists" + exit 1 + } + # + # + # ldbsearch -H ldap://DC_DNS_NAME '(dnsHostName=DC_DNS_NAME)' distinguishedName --controls=search_options:1:1 --controls=extended_dn:1:0 + DC_DNS_NAME="${CMDARG1}" + check_arg "DC_DNS_NAME" "${DC_DNS_NAME}" + DC_OBJECTGUID_HEX=$(echo "${CMDARG2}" | tr a-z A-Z) + check_arg "DC_OBJECTGUID_HEX" "${DC_OBJECTGUID_HEX}" + + DC_DIR="${CA_DIR}/DCs/${DC_DNS_NAME}" + test -e "${DC_DIR}" && { + echo "DC with DC_DIR[${DC_DIR}] already exists" + exit 1 + } + + NEXT_SERIAL=$(cat "${CA_SERIAL}" | xargs) + DCFILE_BASE="DC-${DC_DNS_NAME}-S${NEXT_SERIAL}" + OPENSSLCNF="${DC_DIR}/${DCFILE_BASE}-openssl.cnf" + DCKEY_PEM="${DC_DIR}/${DCFILE_BASE}-key.pem" + DCKEY_PRIVATE_PEM="${DC_DIR}/${DCFILE_BASE}-private-key.pem" + DCKEY_PRIVATE_PEM_BASE="${DCFILE_BASE}-private-key.pem" + DCKEY_PRIVATE_PEM_LINK="${DC_DIR}/DC-${DC_DNS_NAME}-private-key.pem" + DCREQ_PEM="${DC_DIR}/${DCFILE_BASE}-req.pem" + DCCERT_PEM="${DC_DIR}/${DCFILE_BASE}-cert.pem" + DCCERT_PEM_BASE="${DCFILE_BASE}-cert.pem" + DCCERT_PEM_LINK="${DC_DIR}/DC-${DC_DNS_NAME}-cert.pem" + DCCERT_CER="${DC_DIR}/${DCFILE_BASE}-cert.cer" + DCCERT_P12="${DC_DIR}/${DCFILE_BASE}-private.p12" + + ORGANIZATIONAL_UNIT_NAME="Domain Controllers" + COMMON_NAME="${DC_DNS_NAME}" + EMAIL_ADDRESS="ca-${DNS_DOMAIN}@${DNS_DOMAIN}" + + DEFAULT_BITS="${DC_BITS}" + DEFAULT_DAYS="${DC_DAYS}" + DEFAULT_CRL_DAYS="${CRL_DAYS}" + + umask 077 + mkdir -p "${DC_DIR}/" + + generate_from_template \ + "openssl-BASE-template.cnf" \ + "openssl-DC-template.cnf" \ + "${OPENSSLCNF}" \ + ${DEFAULT_VARS} DC_DNS_NAME DC_OBJECTGUID_HEX + + openssl req -new -newkey rsa:${DC_BITS} -keyout "${DCKEY_PEM}" -out "${DCREQ_PEM}" -config "${OPENSSLCNF}" + openssl rsa -in "${DCKEY_PEM}" -inform PEM -out "${DCKEY_PRIVATE_PEM}" -outform PEM + openssl ca -config "${OPENSSLCNF}" -in "${DCREQ_PEM}" -out "${DCCERT_PEM}" + ln -s "${DCKEY_PRIVATE_PEM_BASE}" "${DCKEY_PRIVATE_PEM_LINK}" + ln -s "${DCCERT_PEM_BASE}" "${DCCERT_PEM_LINK}" + openssl x509 -in "${DCCERT_PEM}" -inform PEM -out "${DCCERT_CER}" -outform DER + echo "Generate ${DCCERT_P12}" + openssl pkcs12 -in "${DCCERT_PEM}" -inkey "${DCKEY_PRIVATE_PEM}" -export -out "${DCCERT_P12}" + ls -la "${DC_DIR}"/*.* + exit 0 + ;; +revoke_dc) + test -e "${CA_DIR}" || { + echo "CA with CA_DIR[${CA_DIR}] does not exists" + exit 1 + } + DC_DNS_NAME="${CMDARG1}" + check_arg "DC_DNS_NAME" "${DC_DNS_NAME}" + REVOKE_REASON="${CMDARG2}" + check_arg "REVOKE_REASON" "${REVOKE_REASON}" + + DC_DIR="${CA_DIR}/DCs/${DC_DNS_NAME}" + test -e "${DC_DIR}" || { + echo "DC with DC_DIR[${DC_DIR}] does not exists" + exit 1 + } + + OPENSSLCNF="${CA_DIR}/Private/CA-${DNS_DOMAIN}-openssl.cnf" + DCKEY_PRIVATE_PEM_LINK="${DC_DIR}/DC-${DC_DNS_NAME}-private-key.pem" + DCCERT_PEM_LINK="${DC_DIR}/DC-${DC_DNS_NAME}-cert.pem" + + REVOKE_DATE=$(date +%Y%m%d-%H%M%S) + REVOKE_DC_DIR="${DC_DIR}.${REVOKE_DATE}.revoked-${REVOKE_REASON}" + + openssl ca -config "${OPENSSLCNF}" -revoke "${DCCERT_PEM_LINK}" -crl_reason "${REVOKE_REASON}" + + mv "${DCKEY_PRIVATE_PEM_LINK}" "${DCKEY_PRIVATE_PEM_LINK}.revoked" + mv "${DCCERT_PEM_LINK}" "${DCCERT_PEM_LINK}.revoked" + mv "${DC_DIR}" "${REVOKE_DC_DIR}" + echo "${REVOKE_DC_DIR}" + + openssl ca -config "${OPENSSLCNF}" -gencrl -out "${CACRL_PEM}" + openssl crl -in "${CACRL_PEM}" -inform PEM -out "${CACRL_CRL}" -outform DER + ls -la "${CACRL_PEM}" "${CACRL_CRL}" + echo "Please run: '${0} ${CNF} publish_crl'" + exit 0 + ;; +create_user) + test -e "${CA_DIR}" || { + echo "CA with CA_DIR[${CA_DIR}] does not exists" + exit 1 + } + USER_PRINCIPAL_NAME="${CMDARG1}" + check_arg "USER_PRINCIPAL_NAME" "${USER_PRINCIPAL_NAME}" + + USER_DIR="${CA_DIR}/Users/${USER_PRINCIPAL_NAME}" + test -e "${USER_DIR}" && { + echo "USER with USER_DIR[${USER_DIR}] already exists" + exit 1 + } + + NEXT_SERIAL=$(cat "${CA_SERIAL}" | xargs) + USERFILE_BASE="USER-${USER_PRINCIPAL_NAME}-S${NEXT_SERIAL}" + OPENSSLCNF="${USER_DIR}/${USERFILE_BASE}-openssl.cnf" + USERKEY_PEM="${USER_DIR}/${USERFILE_BASE}-key.pem" + USERKEY_PRIVATE_PEM="${USER_DIR}/${USERFILE_BASE}-private-key.pem" + USERKEY_PRIVATE_PEM_BASE="${USERFILE_BASE}-private-key.pem" + USERKEY_PRIVATE_PEM_LINK="${USER_DIR}/USER-${USER_PRINCIPAL_NAME}-private-key.pem" + USERREQ_PEM="${USER_DIR}/${USERFILE_BASE}-req.pem" + USERCERT_PEM="${USER_DIR}/${USERFILE_BASE}-cert.pem" + USERCERT_PEM_BASE="${USERFILE_BASE}-cert.pem" + USERCERT_PEM_LINK="${USER_DIR}/USER-${USER_PRINCIPAL_NAME}-cert.pem" + USERCERT_CER="${USER_DIR}/${USERFILE_BASE}-cert.cer" + USERCERT_P12="${USER_DIR}/${USERFILE_BASE}-private.p12" + + ORGANIZATIONAL_UNIT_NAME="Users" + COMMON_NAME="${USER_PRINCIPAL_NAME}" + EMAIL_ADDRESS="${USER_PRINCIPAL_NAME}" + + DEFAULT_BITS="${USER_BITS}" + DEFAULT_DAYS="${USER_DAYS}" + DEFAULT_CRL_DAYS="${CRL_DAYS}" + + umask 077 + mkdir -p "${USER_DIR}/" + + generate_from_template \ + "openssl-BASE-template.cnf" \ + "openssl-USER-template.cnf" \ + "${OPENSSLCNF}" \ + ${DEFAULT_VARS} USER_PRINCIPAL_NAME + + openssl req -new -newkey rsa:${USER_BITS} -keyout "${USERKEY_PEM}" -out "${USERREQ_PEM}" -config "${OPENSSLCNF}" + openssl rsa -in "${USERKEY_PEM}" -inform PEM -out "${USERKEY_PRIVATE_PEM}" -outform PEM + openssl ca -config "${OPENSSLCNF}" -in "${USERREQ_PEM}" -out "${USERCERT_PEM}" + ln -s "${USERKEY_PRIVATE_PEM_BASE}" "${USERKEY_PRIVATE_PEM_LINK}" + ln -s "${USERCERT_PEM_BASE}" "${USERCERT_PEM_LINK}" + openssl x509 -in "${USERCERT_PEM}" -inform PEM -out "${USERCERT_CER}" -outform DER + echo "Generate ${USERCERT_P12}" + openssl pkcs12 -in "${USERCERT_PEM}" -inkey "${USERKEY_PRIVATE_PEM}" -export -out "${USERCERT_P12}" + ls -la "${USER_DIR}"/*.* + exit 0 + ;; +revoke_user) + test -e "${CA_DIR}" || { + echo "CA with CA_DIR[${CA_DIR}] does not exists" + exit 1 + } + USER_PRINCIPAL_NAME="${CMDARG1}" + check_arg "USER_PRINCIPAL_NAME" "${USER_PRINCIPAL_NAME}" + REVOKE_REASON="${CMDARG2}" + check_arg "REVOKE_REASON" "${REVOKE_REASON}" + + USER_DIR="${CA_DIR}/Users/${USER_PRINCIPAL_NAME}" + test -e "${USER_DIR}" || { + echo "USER with USER_DIR[${USER_DIR}] does not exists" + exit 1 + } + + OPENSSLCNF="${CA_DIR}/Private/CA-${DNS_DOMAIN}-openssl.cnf" + USERKEY_PRIVATE_PEM_LINK="${USER_DIR}/USER-${USER_PRINCIPAL_NAME}-private-key.pem" + USERCERT_PEM_LINK="${USER_DIR}/USER-${USER_PRINCIPAL_NAME}-cert.pem" + + REVOKE_DATE=$(date +%Y%m%d-%H%M%S) + REVOKE_USER_DIR="${USER_DIR}.${REVOKE_DATE}.revoked-${REVOKE_REASON}" + + openssl ca -config "${OPENSSLCNF}" -revoke "${USERCERT_PEM_LINK}" -crl_reason "${REVOKE_REASON}" + + mv "${USERKEY_PRIVATE_PEM_LINK}" "${USERKEY_PRIVATE_PEM_LINK}.revoked" + mv "${USERCERT_PEM_LINK}" "${USERCERT_PEM_LINK}.revoked" + mv "${USER_DIR}" "${REVOKE_USER_DIR}.revoked" + echo "${REVOKE_USER_DIR}" + + openssl ca -config "${OPENSSLCNF}" -gencrl -out "${CACRL_PEM}" + openssl crl -in "${CACRL_PEM}" -inform PEM -out "${CACRL_CRL}" -outform DER + ls -la "${CACRL_PEM}" "${CACRL_CRL}" + echo "Please run: '${0} ${CNF} publish_crl'" + exit 0 + ;; +usage) + print_usage + exit 1 + ;; +*) + print_usage + echo "ERROR: CMD[${CMD}] - unknown" + exit 1 + ;; +esac + +exit 1 diff --git a/selftest/manage-ca/manage-ca.templates.d/manage-CA-example.com.cnf b/selftest/manage-ca/manage-ca.templates.d/manage-CA-example.com.cnf new file mode 100644 index 0000000..1f3d24e --- /dev/null +++ b/selftest/manage-ca/manage-ca.templates.d/manage-CA-example.com.cnf @@ -0,0 +1,17 @@ + +CRL_HTTP_BASE="http://www.example.com/crls" +CRL_SSH_BASE="www.example.com:/path/to/crls" +DNS_DOMAIN="example.com" + +#CA_BITS="8192" +#DC_BITS="8192" +#USER_BITS="8192" +#CA_DAYS="3650" +#CRL_DAYS="30" +#DC_DAYS="730" +#USER_DAYS="730" + +COUNTRY_NAME="US" +STATE_NAME="ExampleState" +LOCALITY_NAME="ExampleCity" +ORGANIZATION_NAME="ExampleOrganization" diff --git a/selftest/manage-ca/manage-ca.templates.d/openssl-BASE-template.cnf b/selftest/manage-ca/manage-ca.templates.d/openssl-BASE-template.cnf new file mode 100644 index 0000000..ca8415b --- /dev/null +++ b/selftest/manage-ca/manage-ca.templates.d/openssl-BASE-template.cnf @@ -0,0 +1,201 @@ +# +# Based on the OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#CRLDISTPT = [CRL Distribution Point; e.g., http://crl-list.base/w4edom-l4.base.crl] +CRLDISTPT = @@CRL_HTTP_BASE@@/CA-@@DNS_DOMAIN@@-crl.crl + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used as a login credential +scardLogin=1.3.6.1.4.1.311.20.2.2 +# Used in a smart card login certificate's subject alternative name +msUPN=1.3.6.1.4.1.311.20.2.3 +# Ordinarily, certificates must have this oid as an enhanced key usage in order for Windows to allow them to be used to identify a domain controller +msKDC=1.3.6.1.5.2.3.5 +# Identifies the AD GUID +msADGUID=1.3.6.1.4.1.311.25.1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = @@CA_DIR@@ # Where everything is kept +certs = $dir/_none_certs # Where the issued certs are kept +crl_dir = $dir/_none_crl # Where the issued crl are kept +database = $dir/Private/CA-@@DNS_DOMAIN@@-index.txt # database index file. +unique_subject = yes # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/NewCerts # default place for new certs. + +certificate = $dir/Public/CA-@@DNS_DOMAIN@@-cert.pem # The CA certificate +serial = $dir/Private/CA-@@DNS_DOMAIN@@-serial.txt # The current serial number +crlnumber = $dir/Private/CA-@@DNS_DOMAIN@@-crlnumber.txt # the current crl number + # must be commented out to leave a V1 CRL + +#crl = $dir/Public/CA-@@DNS_DOMAIN@@-crl.pem # The current CRL +crl = $dir/Public/CA-@@DNS_DOMAIN@@-crl.crl # The current CRL +private_key = $dir/Private/CA-@@DNS_DOMAIN@@-private-key.pem # The private key +RANDFILE = $dir/Private/CA-@@DNS_DOMAIN@@.rand # private random number file + +#x509_extensions = # The extensions to add to the cert +x509_extensions = template_x509_extensions + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +crl_extensions = crl_ext + +default_days = @@DEFAULT_DAYS@@ # how long to certify for +default_crl_days= @@DEFAULT_CRL_DAYS@@ # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = match +stateOrProvinceName = match +localityName = match +organizationName = match +organizationalUnitName = match +commonName = supplied +emailAddress = supplied + +#################################################################### +[ req ] +default_bits = @@DEFAULT_BITS@@ +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = @@COUNTRY_NAME@@ +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = @@STATE_NAME@@ + +localityName = Locality Name (eg, city) +localityName_default = @@LOCALITY_NAME@@ + +organizationName = Organization Name (eg, company) +organizationName_default = @@ORGANIZATION_NAME@@ + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = @@ORGANIZATIONAL_UNIT_NAME@@ + +commonName = Common Name (eg, YOUR name) +commonName_default = @@COMMON_NAME@@ +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = @@EMAIL_ADDRESS@@ +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 +# +#unstructuredName = An optional company name + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. +keyUsage = cRLSign, keyCertSign + +crlDistributionPoints=URI:$CRLDISTPT + +# Some might want this also +nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +subjectAltName=email:copy +# Copy issuer details +issuerAltName=issuer:copy + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + diff --git a/selftest/manage-ca/manage-ca.templates.d/openssl-CA-template.cnf b/selftest/manage-ca/manage-ca.templates.d/openssl-CA-template.cnf new file mode 100644 index 0000000..4c6bb4a --- /dev/null +++ b/selftest/manage-ca/manage-ca.templates.d/openssl-CA-template.cnf @@ -0,0 +1,2 @@ +[ template_x509_extensions ] + diff --git a/selftest/manage-ca/manage-ca.templates.d/openssl-DC-template.cnf b/selftest/manage-ca/manage-ca.templates.d/openssl-DC-template.cnf new file mode 100644 index 0000000..0b0424d --- /dev/null +++ b/selftest/manage-ca/manage-ca.templates.d/openssl-DC-template.cnf @@ -0,0 +1,49 @@ +#[ usr_cert_mskdc ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a domain controller certificate. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +nsCertType = server + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Domain Controller Certificate @@DC_DNS_NAME@@" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=@dc_subjalt + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for our domain controller certs +# serverAuth - says cert can be used to identify an ssl/tls server +# msKDC - says cert can be used to identify a Kerberos Domain Controller. +extendedKeyUsage = clientAuth,serverAuth,msKDC + +[dc_subjalt] +DNS=@@DC_DNS_NAME@@ +otherName=msADGUID;FORMAT:HEX,OCTETSTRING:@@DC_OBJECTGUID_HEX@@ diff --git a/selftest/manage-ca/manage-ca.templates.d/openssl-USER-template.cnf b/selftest/manage-ca/manage-ca.templates.d/openssl-USER-template.cnf new file mode 100644 index 0000000..71674b9 --- /dev/null +++ b/selftest/manage-ca/manage-ca.templates.d/openssl-USER-template.cnf @@ -0,0 +1,41 @@ +#[ usr_cert_scarduser ] +[ template_x509_extensions ] + +# These extensions are added when 'ca' signs a request for a certificate that will be used to login from a smart card + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE +crlDistributionPoints=URI:$CRLDISTPT + +# For normal client use this is typical +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Smart Card Login Certificate for @@USER_PRINCIPAL_NAME@@" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. + +subjectAltName=email:copy,otherName:msUPN;UTF8:@@USER_PRINCIPAL_NAME@@ + +# Copy subject details +issuerAltName=issuer:copy + +nsCaRevocationUrl = $CRLDISTPT +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +#Extended Key requirements for client certs +extendedKeyUsage = clientAuth,scardLogin + diff --git a/selftest/no-python-tests.txt b/selftest/no-python-tests.txt new file mode 100644 index 0000000..33c2f01 --- /dev/null +++ b/selftest/no-python-tests.txt @@ -0,0 +1,32 @@ +# A small subset of tests/testenvs to run as a sanity-check when samba +# is built with --disable-python. One test-suite for each s3 testenv was +# selected from 'python source3/selftest/tests.py' (and manually edited to +# remove the filter-subunit portion of the command). +# Notes: +# - you cannot add knownfail tests to this list. +# - only .sh tests supported here, and they must set and return $failed +# appropriately +-- TEST -- +samba3.blackbox.smb2.not_casesensitive (fileserver)(fileserver) +fileserver +./source3/script/tests/test_smb2_not_casesensitive.sh //$SERVER/tmp $SERVER_IP $USERNAME $PASSWORD $LOCAL_PATH bin/smbclient || exit 1 +-- TEST -- +samba3.blackbox.rpcclient_srvsvc(simpleserver) +simpleserver +./source3/script/tests/test_rpcclientsrvsvc.sh $USERNAME $PASSWORD $SERVER bin/rpcclient tmp || exit 1 +-- TEST -- +samba3.blackbox.smbclient_large_file krb5(ktest:local) +ktest:local +./source3/script/tests/test_smbclient_large_file.sh $PREFIX/ktest/krb5_ccache-3 bin/smbclient $SERVER $PREFIX -k --configfile=$SMB_CONF_PATH || exit 1 +-- TEST -- +samba3.blackbox.smbclient_auth.plain (maptoguest) local creds(maptoguest) +maptoguest +./source3/script/tests/test_smbclient_auth.sh $SERVER $SERVER_IP $USERNAME $PASSWORD bin/smbclient --configfile=$SMB_CONF_PATH --option=clientntlmv2auth=no --option=clientlanmanauth=yes || exit 1 +-- TEST -- +samba3.blackbox.smbclient_auth.plain (nt4_dc) (nt4_dc) +nt4_dc +./source3/script/tests/test_smbclient_auth.sh $SERVER $SERVER_IP $DC_USERNAME $DC_PASSWORD bin/smbclient --configfile=$SMB_CONF_PATH || exit 1 +-- TEST -- +samba3.blackbox.net_cred_change.(nt4_member:local)(nt4_member:local) +nt4_member:local +./source3/script/tests/test_net_cred_change.sh --configfile=$SMB_CONF_PATH || exit 1 diff --git a/selftest/ns/README b/selftest/ns/README new file mode 100644 index 0000000..896fe15 --- /dev/null +++ b/selftest/ns/README @@ -0,0 +1,162 @@ +The scripts in this directory are experimental and are used to create testenvs +in separate linux namespaces. This avoids the need for socket-wrapper. + +What are Namespaces +=================== +Namespaces allow the kernel to segregate its system resources (files, CPU, +etc), so that different processes only see the set of resources they are +allowed to use. There are several different types of namespace: network, +user, process, file, IPC, and so on. + +Key points to grasp are: +* Each type of namespace gets managed separately by the kernel, i.e. process +namespaces are managed separately to network namespaces, which are separate +to user namespaces. These scripts give each testenv its own network namespace, +but otherwise they all still share the same user/process/etc namespace. +(In future, we may want to give each testenv its own process and user +namespace, to better mimic a production DC). +* Namespaces are created using the 'unshare' utility. The new selftest +namespaces are anonymous/nameless, and so the different namespaces are +identified by the PID of the processes running within the namespace +(typically samba). +* Linux supports nesting namespaces within namespaces. In this case, each +testenv DC has its own network namespace, which is a child of the overarching +selftest namespace (which itself is a child of whatever namespace you run +'make test' from - usually this would be the root namespace). + +How does it work? +================= +Normally when 'make test' is run, every testenv uses a 10.53.57.x IP address +and socket-wrapper passes the packets between them. + +With namespaces, we also use 10.53.57.x IP addresses but have the packets pass through +the kernel's IP stack normally, as it forwards them between namespaces. + +We use veth interfaces for this. veth is a type of virtual interface supported +by the kernel. veth interfaces come in pairs, and act as a tunnel - any packets +sent on a veth interface simply end up as received packets on the pair veth +interface. + +We create a new veth interface pair for each testenv, and use them to connect +up the namespaces. One end of the veth pair is added to the main selftest +namespace, and the other end is added to a new namespace that we'll run +samba in. E.g. + +selftest.pl veth21-br ------------------------ veth21 samba (ad_dc_ntvfs) + 10.53.57.11 10.53.57.21 + Namespace 1 Namespace 2 + +However, we need to run multiple different testenvs and have them talk to +each other. So to do this, we need a bridge interface ('selftest0') to connect +up the namespaces, which essentially just acts as a hub. So connecting together +multiple testenvs looks more like this: + +selftest.pl +-- veth21-br ------------------------ veth21 samba (ad_dc_ntvfs) + | 10.53.57.21 + selftest0 --+ Namespace 2 + 10.53.57.11 | + +-- veth22-br ------------------------ veth22 samba (vampire_dc) + 10.53.57.22 + Namespace 1 Namespace 3 + +The veth interfaces are named vethX and vethX-br, where X is the +SOCKET_WRAPPER_DEFAULT_IFACE for the testenv. The vethX-br interface is always +added to the selftest0 bridge interface. + +How do I use it? +================ +To use namespaces instead of socket-wrapper, just add 'USE_NAMESPACES=1' to the +make command, e.g. + +To run the 'quick' test cases using namespaces: +USE_NAMESPACES=1 make test TESTS=quick + +To setup an ad_dc testenv using namespaces: +USE_NAMESPACES=1 SELFTEST_TESTENV=ad_dc make testenv + +You can connect secondary shells to the namespace your testenv is running in. +The command to do this is a little complicated, so a helper 'nsenter.sh' script +gets autogenerated when the testenv is created. E.g. to connect to the testenv +that the ad_dc is running in, use: +./st/ad_dc/nsenter.sh + +This script also sets up the shell with all the same $SERVER/$USERNAME/etc +variables that you normally get in xterm. + +To run the ad-dc-backup autobuild job using namespaces: +USE_NAMESPACES=1 script/autobuild.py samba-ad-dc-backup --verbose --nocleanup \ + --keeplogs --tail --testbase /tmp/samba-testbase + +Using the customdc testenv, you can basically now essentially your own +light-weight samba VM. E.g. +MY_BACKUP=/home/$USER/samba-backup-prod-domain.tar.bz2 +USE_NAMESPACES=1 BACKUP_FILE=$MY_BACKUP SELFTEST_TESTENV=customdc make testenv + +You can then talk to that DC in any other shell by using +./st/customdc/nsenter.sh which enters the DC's network namespace (with +all the $SERVER/etc env variables defined). + +How to join VMs to the testenv +---------------------------------------- +I haven't tried this (beyond basic IP connectivity), but using namespaces it +should now be possible to connect a Windows VM to a Samba testenv. + +1. Work out the main selftest.pl namespace PID manually, e.g. +SELFTEST_PID= ps waux | grep selftest.pl + +2. Create a new veth to bridge between the selftest namespace and your PC's +default namespace: +sudo ip link add dev testenv-veth0 type veth peer name testenv-veth1 + +3. Move one end of the veth tunnel into the selftest namespace: +sudo ip link set testenv-veth1 netns $SELFTEST_PID + +4. Configure the veth end in the default namespace to be in the same subnet +as the selftest network: +sudo ip link set dev testenv-veth0 up +sudo ip addr add 10.53.57.63/24 dev testenv-veth0 + +5. Enter the selftest namespace, bring that end of the pipe up, and add it to +to the main selftest0 bridge (that connects all the DCs together). We also need +to add a default route from selftest back to your PC's default namespace. +nsenter -t $SELFTEST_PID --net --user --preserve-credentials +ip link set dev testenv-veth1 up +ip link set testenv-veth1 master selftest0 +ip route add default via 10.53.57.63 +logout + +Your Windows VM and samba testenv should now be able to talk to each +other over IP! + +6. The other step is to get DNS working. You probably need to add dns_hub +(10.53.57.64) as a nameserver (at least on your Windows VM). + +This should work for using RSAT tools on samba, or joining Windows to Samba +(depending on the schema version). Joining samba to Windows is a bit more +tricky, as the namespaces are tied to the *running* samba process. + +What you'd probably want to do is run the join command to the windows VM +outside of testenv, create an offline backup-file of the resulting DB, and +then plug that backup-file into the customdc testenv. (And then follow the +above veth/bridge steps to join samba to the VM). + +Note that the namespace disappears once you stop the testenv, so you'd +need to do the above steps with creating the veth interface every time +you restarted the testenv. + +Known limitations +================= +- When running a testenv, sometimes xterm can fail to startup, due to a + permissions problem with /dev/pts. This seems to be a particular problem + with the 'none' testenv. + A short-term work-around is to use a terminal that doesn't try to access + /dev/pts, e.g. just use bash as the terminal: + TERMINAL=bash TERMINAL_ARGS='--norc' USE_NAMESPACES=1 \ + SELFTEST_TESTENV=none make testenv +- Some test cases rely on socket-wrapper, so will fail when run using + namespaces. +- Currently USE_NAMESPACES maps you (i.e. $USER) to root in the new namespace. + This means any test cases that rely on being a non-root user will fail (i.e. + anything that fails under 'sudo make test' will also fail with namespaces). +- Namespaces should work within docker, but currently the 'unshare' system + call is disallowed on the gitlab CI runners. diff --git a/selftest/ns/add_bridge_iface.sh b/selftest/ns/add_bridge_iface.sh new file mode 100755 index 0000000..4090319 --- /dev/null +++ b/selftest/ns/add_bridge_iface.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Configures the interfaces needed for communication between namespaces. +# This handles the bridge-end of the veth pair. +interface=$1 + +# the main bridge interface is called 'selftest0' (although in future we may +# want to segregate the different domains by using different bridges) +bridge=$2 + +# we need to wait for the child namespace to start up and add the new +# interface back to our new namespace +while ! ip link show $interface >/dev/null 2>&1; do + sleep 0.1 + echo "Waiting for $interface to be created..." +done + +# bring the bridge-end of the link up and add it to the bridge +ip link set dev $interface up +ip link set $interface master $bridge diff --git a/selftest/ns/create_bridge.sh b/selftest/ns/create_bridge.sh new file mode 100755 index 0000000..74f7eca --- /dev/null +++ b/selftest/ns/create_bridge.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +# creates a bridge interface (i.e. 'selftest0') that connects together the +# veth interfaces for the various testenvs + +br_name=$1 +ip_addr=$2 +ipv6_addr=$3 + +# make sure the loopback is up (needed for pinging between namespaces, etc) +ip link set dev lo up + +# create the bridge interface and enable it +ip link add $br_name type bridge +ip addr add $ip_addr/24 dev $br_name +ip addr add $ipv6_addr/112 dev $br_name +ip link set $br_name up diff --git a/selftest/ns/mk_nsenter.sh b/selftest/ns/mk_nsenter.sh new file mode 100755 index 0000000..c97fda9 --- /dev/null +++ b/selftest/ns/mk_nsenter.sh @@ -0,0 +1,31 @@ +#!/bin/sh +# +# Helper script. If you want a 2nd shell that communicates with the testenv DC +# you can use the nsenter command to change the namespace you're in. However, +# this command is a bit unwieldly and changes depending on the testenv PID. +# We can generate a helper script on the fly that abstracts all this +# complexity, allowing you to use the same, simple command to change the +# namespace that you're in, e.g. +# st/ad_dc/nsenter.sh + +pid=$1 +exports_file=$2 + +# The basic command to enter the testenv's network namespace. +# We enter the user namespace as well (as ourself, which is really the root +# user for the namespace), otherwise we need sudo to make this work. +nsenter_cmd="nsenter -t $pid --net --user --preserve-credentials" + +# By default, the nsenter command will just start a new shell in the namespace. +# we use a wrapper helper script, which first loads all the environment +# variables that are usually defined in selftest (and prints some basic help). +helper_script="$(dirname $0)/nsenter-helper.sh $exports_file" + +# generate the dynamic script +dyn_script="$(dirname $2)/nsenter.sh" +echo "#!/bin/sh" >$dyn_script +echo "$nsenter_cmd $helper_script" >>$dyn_script +chmod 755 $dyn_script + +# return the script we created +echo "$dyn_script" diff --git a/selftest/ns/nsenter-helper.sh b/selftest/ns/nsenter-helper.sh new file mode 100755 index 0000000..4242227 --- /dev/null +++ b/selftest/ns/nsenter-helper.sh @@ -0,0 +1,29 @@ +#!/bin/sh +# +# Helper script that gets run with nsenter to manually setup a secondary shell +# session to a given namespace testenv. This basically just sets up the same +# environment variables as you normally get with selftest, for convenience. + +if [ $# -lt 1 ]; then + echo "Usage: $0 <exports-file>" + exit 1 +fi + +# we get passed a exports file with all the environment variables defined +exports_file=$1 + +# read the exports file so the new shell has appropriate variables setup +# (we export rather than sourcing here so they get inherited by the subshell) +while read -r line; do + export $line + # dump them for the user too + echo $line +done <$exports_file + +echo "" +echo "Entered $NETBIOSNAME namespace, with above variables defined." +echo "Use CTRL+D or exit to leave the namespace." +echo "" + +# start a shell session in the new namespace +$SHELL diff --git a/selftest/ns/start_in_ns.sh b/selftest/ns/start_in_ns.sh new file mode 100755 index 0000000..f16767d --- /dev/null +++ b/selftest/ns/start_in_ns.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# +# Starts samba in a separate namespace. This gets passed the interface/IP +# to use, as well as the Samba command to run. The whole script gets run +# (via unshare) in a separate namespace. + +# the first 3 args are our interface-name, parent-PID, and a exports file +# containing environment variables ($SERVER, $SERVER_IP, etc) +interface=$1 +exports_file=$2 +parent_pid=$3 + +# we write the testenv environment variables to file, which makes it easier +# to work out the $SERVER, $SERVER_IP, etc +. $exports_file + +# The namespaces we use are anonymous, which means other processes would need +# to use our PID to access the new namespace +echo "-------------------------------------------------------------" +echo "Created namespace for $NETBIOSNAME ($ENVNAME) PID $$" + +# generate a helper script if the developer wants to talk to this namespace +# in another shell +mk_nsenter_script="$(dirname $0)/mk_nsenter.sh" +helper_script=$($mk_nsenter_script $$ $exports_file) + +echo "To communicate with this testenv, use: $helper_script" +echo "-------------------------------------------------------------" + +# the rest of the args are the samba command to run +shift 3 +SAMBA_CMD=$@ + +# make sure namespace loopback is up (it's needed for ping, etc) +ip link set dev lo up + +# Create the interfaces needed for communication between namespaces. +# We use a veth pair, which acts as a tunnel between the namespaces. +# One end of the veth link is added to a common bridge in the top-level (i.e. +# selftest) namespace, and the other end is added to the testenv's namespace. +# This means each testenv DC is in its own namespace, but they can talk to +# each other via the common bridge interface. +# The new veth interfaces are named "vethX" and "vethX-br", where +# X = the testenv IP (i.e. Samba::get_interface()). E.g. ad_dc = veth30, +# and veth30-br. +# The "vethX" interface will live in the new testenv's namespace. +# The "vethX-br" end is added to the bridge in the main selftest namespace. +ip link add dev $interface-br type veth peer name $interface + +# move the bridge end of the link back into the parent namespace. +ip link set $interface-br netns $parent_pid + +# configure our IP address and bring the interface up +ip addr add $SERVER_IP/24 dev $interface +# Note that samba can't bind to the IPv6 address while DAD is in progress, +# so we use 'nodad' when configuring the address +ip addr add $SERVER_IPV6/112 dev $interface nodad +ip link set dev $interface up + +# start samba +$SAMBA_CMD diff --git a/selftest/perf_tests.py b/selftest/perf_tests.py new file mode 100644 index 0000000..2aed9de --- /dev/null +++ b/selftest/perf_tests.py @@ -0,0 +1,104 @@ +#!/usr/bin/python + +# This script generates a list of testsuites that should be run to +# test Samba performance. +# +# These tests are not intended to exercise aspect of Samba, but +# perform common simple functions or to ascertain performance. +# + +# The syntax for a testsuite is "-- TEST --" on a single line, followed +# by the name of the test, the environment it needs and the command to run, all +# three separated by newlines. All other lines in the output are considered +# comments. + +import os +from selftesthelpers import source4dir, bindir, python, plantestsuite_loadlist + +samba4srcdir = source4dir() +samba4bindir = bindir() + +plantestsuite_loadlist("samba4.ldap.ad_dc_performance.python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/ad_dc_performance.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ndr_pack_performance.python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/ndr_pack_performance.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.provision_performance.python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/ad_dc_provision_performance.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldap.ad_dc_search_performance.python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, + os.path.join(samba4srcdir, + "dsdb/tests/python/ad_dc_search_performance.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldap.ad_dc_multi_bind.ntlm.python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/ad_dc_multi_bind.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', '-k no', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldap.ad_dc_multi_bind.krb5.python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/ad_dc_multi_bind.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', '-k yes', + '--realm=$REALM', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldb.multi_connect.python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/ad_dc_multi_bind.py"), + 'tdb://$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldap.vlv.python(ad_dc_ntvfs)", "ad_dc_ntvfs", + [python, + os.path.join(samba4srcdir, "dsdb/tests/python/vlv.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +# this one doesn't tidy itself up fully, so leave it as last unless +# you want a messy database. +plantestsuite_loadlist("samba4.ldap.ad_dc_medley_performance.python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, + os.path.join(samba4srcdir, + "dsdb/tests/python/ad_dc_medley_performance.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + +# again with paged search module +plantestsuite_loadlist("samba4.ldap.ad_dc_performance.paged_search."+\ + "python(ad_dc_ntvfs)", + "ad_dc_ntvfs", + [python, + os.path.join(samba4srcdir, + "dsdb/tests/python/ad_dc_medley_performance.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '--use-paged-search', + '$LOADLIST', '$LISTOPT']) diff --git a/selftest/quick b/selftest/quick new file mode 100644 index 0000000..6700180 --- /dev/null +++ b/selftest/quick @@ -0,0 +1,41 @@ +# This file contains regexes matching the tests that should be run +# when doing a "quicktest" - verifying whether the build is working +# rather than trying to see what exactly is broken. +# +# This should be as quick as possible but cover as much code as possible. +base.unlink +base.attr +base.delete +base.tcon +base.open +base.chkpath +raw.qfsinfo +raw.qfileinfo +raw.mkdir +raw.seek +raw.open +raw.write +raw.read +raw.close +raw.ioctl +raw.rename +raw.eas +base.open +rpc.altercontext +rpc.join +rpc.echo +rpc.schannel +rpc.netlogon +rpc.unixinfo +rpc.handles +rpc.altercontext +rpc.join +rpc.handles +rpc.echo +smb.signing +smb2.session +drs.unit +samba4.blackbox.dbcheck.dc +# This needs to be here to get testing of crypt_r() +# behaviour on multiple OS distributions. +samba.tests.samba_tool.user_virtualCryptSHA_userPassword
\ No newline at end of file diff --git a/selftest/save.env.sh b/selftest/save.env.sh new file mode 100755 index 0000000..ff9ba32 --- /dev/null +++ b/selftest/save.env.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +{ + vars=$(set | + grep "^[a-zA-Z][^=]*='[^']*'$" | + grep -v '^IFS=' | + grep -v '^TERM' | + grep -v '^PPID' | + grep -v '^PS[1-9]=' | + cat) + echo "${vars}" + echo "${vars}" | sed -e 's!^\([a-zA-Z][^=]*\)=.*$!export \1!' +} >bin/restore.env.source + +echo "RUN: '. bin/restore.env.source'" diff --git a/selftest/selftest.pl b/selftest/selftest.pl new file mode 100755 index 0000000..75763ef --- /dev/null +++ b/selftest/selftest.pl @@ -0,0 +1,1017 @@ +#!/usr/bin/perl +# Bootstrap Samba and run a number of tests against it. +# Copyright (C) 2005-2010 Jelmer Vernooij <jelmer@samba.org> +# Copyright (C) 2007-2009 Stefan Metzmacher <metze@samba.org> + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +use strict; +use warnings; + +use FindBin qw($RealBin $Script); +use File::Spec; +use File::Temp qw(tempfile); +use File::Path qw(remove_tree); +use Getopt::Long; +use POSIX; +use Cwd qw(abs_path); +use lib "$RealBin"; +use Subunit; +use SocketWrapper; +use target::Samba; +use Time::HiRes qw(time); + +eval { +require Time::HiRes; +Time::HiRes->import("time"); +}; +if ($@) { + print "You don't have Time::Hires installed !\n"; +} + +my $opt_help = 0; +my $opt_target = "samba"; +my $opt_quick = 0; +my $opt_socket_wrapper = 0; +my $opt_socket_wrapper_pcap = undef; +my $opt_socket_wrapper_keep_pcap = undef; +my $opt_random_order = 0; +my $opt_one = 0; +my @opt_exclude = (); +my @opt_include = (); +my @opt_exclude_env = (); +my @opt_include_env = (); +my $opt_testenv = 0; +my $opt_list = 0; +my $opt_mitkrb5 = 0; +my $opt_resetup_env = undef; +my $opt_load_list = undef; +my $opt_libnss_wrapper_so_path = ""; +my $opt_libresolv_wrapper_so_path = ""; +my $opt_libsocket_wrapper_so_path = ""; +my $opt_libuid_wrapper_so_path = ""; +my $opt_libasan_so_path = ""; +my $opt_use_dns_faking = 0; +my @testlists = (); + +my $srcdir = "."; +my $bindir = "./bin"; +my $prefix = "./st"; + +my @includes = (); +my @excludes = (); + +sub find_in_list($$) +{ + my ($list, $fullname) = @_; + + foreach (@$list) { + if ($fullname =~ /$$_[0]/) { + return ($$_[1]) if ($$_[1]); + return ""; + } + } + + return undef; +} + +sub skip +{ + my ($name, $envname) = @_; + my ($env_basename, $env_localpart) = split(/:/, $envname); + + if ($opt_target eq "samba3" && $Samba::ENV_NEEDS_AD_DC{$env_basename}) { + return "environment $envname is disabled as this build does not include an AD DC"; + } + + if (@opt_include_env && !(grep {$_ eq $env_basename} @opt_include_env)) { + return "environment $envname is disabled (via --include-env command line option) in this test run - skipping"; + } elsif (@opt_exclude_env && grep {$_ eq $env_basename} @opt_exclude_env) { + return "environment $envname is disabled (via --exclude-env command line option) in this test run - skipping"; + } + + return find_in_list(\@excludes, $name); +} + +sub getlog_env($); + +# expand strings from %ENV +sub expand_environment_strings($) +{ + my $s = shift; + # we use a reverse sort so we do the longer ones first + foreach my $k (sort { $b cmp $a } keys %ENV) { + $s =~ s/\$$k/$ENV{$k}/g; + } + return $s; +} + +my $target; + +sub run_testsuite($$$$$) +{ + my ($envname, $name, $cmd, $i, $totalsuites) = @_; + my $pcap_file = $target->setup_pcap($name); + + Subunit::start_testsuite($name); + Subunit::progress_push(); + Subunit::report_time(); + system($cmd); + Subunit::report_time(); + Subunit::progress_pop(); + + if ($? == -1) { + print "command: $cmd\n"; + printf "expanded command: %s\n", expand_environment_strings($cmd); + Subunit::end_testsuite($name, "error", "Unable to run $cmd: $!"); + exit(1); + } elsif ($? & 127) { + print "command: $cmd\n"; + printf "expanded command: %s\n", expand_environment_strings($cmd); + Subunit::end_testsuite($name, "error", + sprintf("%s died with signal %d, %s coredump\n", $cmd, ($? & 127), ($? & 128) ? 'with' : 'without')); + exit(1); + } + + my $exitcode = $? >> 8; + + my $envlog = getlog_env($envname); + if ($envlog ne "") { + print "envlog: $envlog\n"; + } + + print "command: $cmd\n"; + printf "expanded command: %s\n", expand_environment_strings($cmd); + + if ($exitcode == 0) { + Subunit::end_testsuite($name, "success"); + } else { + Subunit::end_testsuite($name, "failure", "Exit code was $exitcode"); + } + + $target->cleanup_pcap($pcap_file, $exitcode); + + if (not $opt_socket_wrapper_keep_pcap and defined($pcap_file)) { + print "PCAP FILE: $pcap_file\n"; + } + + if ($exitcode != 0) { + exit(1) if ($opt_one); + } + + return $exitcode; +} + +sub ShowHelp() +{ + print "Samba test runner +Copyright (C) Jelmer Vernooij <jelmer\@samba.org> +Copyright (C) Stefan Metzmacher <metze\@samba.org> + +Usage: $Script [OPTIONS] TESTNAME-REGEX [TESTNAME-REGEX...] + +Generic options: + --help this help page + --target=samba[3]|win Samba version to target + --testlist=FILE file to read available tests from + --exclude=FILE Exclude tests listed in the file + --include=FILE Include tests listed in the file + --exclude-env=ENV Exclude tests for the specified environment + --include-env=ENV Include tests for the specified environment + +Paths: + --prefix=DIR prefix to run tests in [st] + --srcdir=DIR source directory [.] + --bindir=DIR binaries directory [./bin] + +Preload cwrap: + --nss_wrapper_so_path=FILE the nss_wrapper library to preload + --resolv_wrapper_so_path=FILE the resolv_wrapper library to preload + --socket_wrapper_so_path=FILE the socket_wrapper library to preload + --uid_wrapper_so_path=FILE the uid_wrapper library to preload + --asan_so_path=FILE the asan library to preload + +DNS: + --use-dns-faking Fake DNS entries rather than talking to our + DNS implementation. + +Target Specific: + --socket-wrapper-pcap save traffic to pcap directories + --socket-wrapper-keep-pcap keep all pcap files, not just those for tests that + failed + --socket-wrapper enable socket wrapper + +Behaviour: + --quick run quick overall test + --one abort when the first test fails + --testenv run a shell in the requested test environment + --list list available tests +"; + exit(0); +} + +my $result = GetOptions ( + 'help|h|?' => \$opt_help, + 'target=s' => \$opt_target, + 'prefix=s' => \$prefix, + 'socket-wrapper' => \$opt_socket_wrapper, + 'socket-wrapper-pcap' => \$opt_socket_wrapper_pcap, + 'socket-wrapper-keep-pcap' => \$opt_socket_wrapper_keep_pcap, + 'quick' => \$opt_quick, + 'one' => \$opt_one, + 'exclude=s' => \@opt_exclude, + 'include=s' => \@opt_include, + 'exclude-env=s' => \@opt_exclude_env, + 'include-env=s' => \@opt_include_env, + 'srcdir=s' => \$srcdir, + 'bindir=s' => \$bindir, + 'testenv' => \$opt_testenv, + 'list' => \$opt_list, + 'mitkrb5' => \$opt_mitkrb5, + 'resetup-environment' => \$opt_resetup_env, + 'testlist=s' => \@testlists, + 'random-order' => \$opt_random_order, + 'load-list=s' => \$opt_load_list, + 'nss_wrapper_so_path=s' => \$opt_libnss_wrapper_so_path, + 'resolv_wrapper_so_path=s' => \$opt_libresolv_wrapper_so_path, + 'socket_wrapper_so_path=s' => \$opt_libsocket_wrapper_so_path, + 'uid_wrapper_so_path=s' => \$opt_libuid_wrapper_so_path, + 'asan_so_path=s' => \$opt_libasan_so_path, + 'use-dns-faking' => \$opt_use_dns_faking + ); + +exit(1) if (not $result); + +ShowHelp() if ($opt_help); + +die("--list and --testenv are mutually exclusive") if ($opt_list and $opt_testenv); + +# we want unbuffered output +$| = 1; + +my @tests = @ARGV; + +# quick hack to disable rpc validation when using valgrind - its way too slow +unless (defined($ENV{VALGRIND})) { + $ENV{VALIDATE} = "validate"; + $ENV{MALLOC_CHECK_} = 3; +} + +# make all our python scripts unbuffered +$ENV{PYTHONUNBUFFERED} = 1; + +$ENV{SAMBA_DEPRECATED_SUPPRESS} = 1; + +# do not depend on the users setup +# see also bootstrap/config.py +$ENV{TZ} = "UTC"; +$ENV{LC_ALL} = $ENV{LANG} = "en_US.utf8"; + +my $bindir_abs = abs_path($bindir); + +my $torture_maxtime = ($ENV{TORTURE_MAXTIME} or 1200); + +$prefix =~ s+//+/+; +$prefix =~ s+/\./+/+; +$prefix =~ s+/$++; + +die("using an empty prefix isn't allowed") unless $prefix ne ""; + +# Ensure we have the test prefix around. +# +# We need restrictive +# permissions on this as some subdirectories in this tree will have +# wider permissions (ie 0777) and this would allow other users on the +# host to subvert the test process. +umask 0077; +mkdir($prefix, 0700) unless -d $prefix; +chmod 0700, $prefix; +# We need to have no umask limitations for the tests. +umask 0000; + +my $prefix_abs = abs_path($prefix); +my $tmpdir_abs = abs_path("$prefix/tmp"); +mkdir($tmpdir_abs, 0777) unless -d $tmpdir_abs; + +my $srcdir_abs = abs_path($srcdir); + +die("using an empty absolute prefix isn't allowed") unless $prefix_abs ne ""; +die("using '/' as absolute prefix isn't allowed") unless $prefix_abs ne "/"; + +$ENV{SAMBA_SELFTEST} = "1"; + +$ENV{PREFIX} = $prefix; +$ENV{PREFIX_ABS} = $prefix_abs; +$ENV{SRCDIR} = $srcdir; +$ENV{SRCDIR_ABS} = $srcdir_abs; +$ENV{BINDIR} = $bindir_abs; + +my $tls_enabled = not $opt_quick; +$ENV{TLS_ENABLED} = ($tls_enabled?"yes":"no"); + +sub prefix_pathvar($$) +{ + my ($name, $newpath) = @_; + if (defined($ENV{$name})) { + $ENV{$name} = "$newpath:$ENV{$name}"; + } else { + $ENV{$name} = $newpath; + } +} +prefix_pathvar("PKG_CONFIG_PATH", "$bindir_abs/pkgconfig"); +prefix_pathvar("PYTHONPATH", "$bindir_abs/python"); + +if ($opt_socket_wrapper_keep_pcap) { + # Socket wrapper keep pcap implies socket wrapper pcap + $opt_socket_wrapper_pcap = 1; +} + +if ($opt_socket_wrapper_pcap) { + # Socket wrapper pcap implies socket wrapper + $opt_socket_wrapper = 1; +} + +my $ld_preload = $ENV{LD_PRELOAD}; + +if ($opt_libasan_so_path) { + if ($ld_preload) { + $ld_preload = "$opt_libasan_so_path:$ld_preload"; + } else { + $ld_preload = "$opt_libasan_so_path"; + } +} + +if ($opt_libnss_wrapper_so_path) { + if ($ld_preload) { + $ld_preload = "$ld_preload:$opt_libnss_wrapper_so_path"; + } else { + $ld_preload = "$opt_libnss_wrapper_so_path"; + } +} + +if ($opt_libresolv_wrapper_so_path) { + if ($ld_preload) { + $ld_preload = "$ld_preload:$opt_libresolv_wrapper_so_path"; + } else { + $ld_preload = "$opt_libresolv_wrapper_so_path"; + } +} + +if ($opt_libsocket_wrapper_so_path) { + if ($ld_preload) { + $ld_preload = "$ld_preload:$opt_libsocket_wrapper_so_path"; + } else { + $ld_preload = "$opt_libsocket_wrapper_so_path"; + } +} + +if ($opt_libuid_wrapper_so_path) { + if ($ld_preload) { + $ld_preload = "$ld_preload:$opt_libuid_wrapper_so_path"; + } else { + $ld_preload = "$opt_libuid_wrapper_so_path"; + } +} + +if (defined($ENV{USE_NAMESPACES})) { + print "Using linux containerization for selftest testenv(s)...\n"; + + # Create a common bridge to connect up the testenv namespaces. We give + # it the client's IP address, as this is where the tests will run from + my $ipv4_addr = Samba::get_ipv4_addr("client"); + my $ipv6_addr = Samba::get_ipv6_addr("client"); + system "$ENV{SRCDIR_ABS}/selftest/ns/create_bridge.sh selftest0 $ipv4_addr $ipv6_addr"; +} + +$ENV{LD_PRELOAD} = $ld_preload; +print "LD_PRELOAD=$ENV{LD_PRELOAD}\n"; + +# Enable uid_wrapper globally +$ENV{UID_WRAPPER} = 1; + +# We are already hitting the limit, so double it. +$ENV{NSS_WRAPPER_MAX_HOSTENTS} = 200; + +# Disable RTLD_DEEPBIND hack for Samba bind dlz module +# +# This is needed in order to allow the ldb_*ldap module +# to work with a preloaded socket wrapper. +$ENV{LDB_MODULES_DISABLE_DEEPBIND} = 1; + +my $socket_wrapper_dir; +if ($opt_socket_wrapper) { + $socket_wrapper_dir = SocketWrapper::setup_dir("$prefix_abs/w", $opt_socket_wrapper_pcap); + print "SOCKET_WRAPPER_DIR=$socket_wrapper_dir\n"; +} elsif (not $opt_list) { + unless ($< == 0) { + warn("not using socket wrapper, but also not running as root. Will not be able to listen on proper ports"); + } +} + +if ($opt_use_dns_faking) { + print "DNS: Faking nameserver\n"; + $ENV{SAMBA_DNS_FAKING} = 1; +} + +my $testenv_default = "none"; + +if ($opt_mitkrb5 == 1) { + $ENV{MITKRB5} = $opt_mitkrb5; + $ENV{KRB5RCACHETYPE} = "none"; +} + +# After this many seconds, the server will self-terminate. All tests +# must terminate in this time, and testenv will only stay alive this +# long + +my $server_maxtime; +if ($opt_testenv) { + # 1 year should be enough :-) + $server_maxtime = 365 * 24 * 60 * 60; +} else { + # make test should run under 5 hours + $server_maxtime = 5 * 60 * 60; +} + +if (defined($ENV{SMBD_MAXTIME}) and $ENV{SMBD_MAXTIME} ne "") { + $server_maxtime = $ENV{SMBD_MAXTIME}; +} + +$target = new Samba($bindir, $srcdir, $server_maxtime, + $opt_socket_wrapper_pcap, + $opt_socket_wrapper_keep_pcap); +unless ($opt_list) { + if ($opt_target eq "samba") { + $testenv_default = "ad_dc"; + } elsif ($opt_target eq "samba3") { + $testenv_default = "nt4_member"; + } +} + +sub read_test_regexes($) +{ + my ($name) = @_; + my @ret = (); + open(LF, "<$name") or die("unable to read $name: $!"); + while (<LF>) { + chomp; + next if (/^#/); + if (/^(.*?)([ \t]+)\#([\t ]*)(.*?)$/) { + push (@ret, [$1, $4]); + } else { + s/^(.*?)([ \t]+)\#([\t ]*)(.*?)$//; + push (@ret, [$_, undef]); + } + } + close(LF); + return @ret; +} + +foreach (@opt_exclude) { + push (@excludes, read_test_regexes($_)); +} + +foreach (@opt_include) { + push (@includes, read_test_regexes($_)); +} + +# We give the selftest client 6 different IPv4 addresses to use. Most tests +# only use the first (.11) IP. Note that winsreplication.c is one test that +# uses the other IPs (search for iface_list_count()). +$ENV{SOCKET_WRAPPER_IPV4_NETWORK} = "10.53.57.0"; +my $interfaces = Samba::get_interfaces_config("client", 6); + +my $clientdir = "$prefix_abs/client"; + +my $conffile = "$clientdir/client.conf"; +$ENV{SMB_CONF_PATH} = $conffile; + +sub write_clientconf($$$) +{ + my ($conffile, $clientdir, $vars) = @_; + + mkdir("$clientdir", 0777) unless -d "$clientdir"; + + my @subdirs = ( + { name => "private", mask => 0777 }, + { name => "bind-dns", mask => 0777 }, + { name => "lockdir", mask => 0777 }, + { name => "statedir", mask => 0777 }, + { name => "cachedir", mask => 0777 }, + { name => "pkinit", mask => 0700 }, + { name => "pid", mask => 0777 }, + # the ncalrpcdir needs exactly 0755 otherwise tests fail. + { name => "ncalrpcdir", mask => 0755, umask => 0022 }, + ); + + foreach my $sub (@subdirs) { + my $dir = "$clientdir/$sub->{name}"; + remove_tree($dir); + my $mask = umask; + if (defined($sub->{umask})) { + umask $sub->{umask}; + } + mkdir($dir, $sub->{mask}); + umask $mask; + } + + my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com"; + my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem"; + my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem"; + my $ca_users_dir = "$cadir/Users"; + my $client_loglevel = $ENV{CLIENT_LOG_LEVEL} || 1; + + # each user has a USER-${USER_PRINCIPAL_NAME}-cert.pem and + # USER-${USER_PRINCIPAL_NAME}-private-key.pem symlink + # We make a copy here and make the certificated easily + # accessable in the client environment. + my $mask = umask; + umask 0077; + opendir USERS, "${ca_users_dir}" or die "Could not open dir '${ca_users_dir}': $!"; + for my $d (readdir USERS) { + my $user_dir = "${ca_users_dir}/${d}"; + next if ${d} =~ /^\./; + next if (! -d "${user_dir}"); + opendir USER, "${user_dir}" or die "Could not open dir '${user_dir}': $!"; + for my $l (readdir USER) { + my $user_link = "${user_dir}/${l}"; + next if ${l} =~ /^\./; + next if (! -l "${user_link}"); + + my $dest = "${clientdir}/pkinit/${l}"; + Samba::copy_file_content(${user_link}, ${dest}); + } + closedir USER; + } + closedir USERS; + umask $mask; + + open(CF, ">$conffile"); + print CF "[global]\n"; + print CF "\tnetbios name = client\n"; + if (defined($vars->{DOMAIN})) { + print CF "\tworkgroup = $vars->{DOMAIN}\n"; + } + if (defined($vars->{REALM})) { + print CF "\trealm = $vars->{REALM}\n"; + } + if ($opt_socket_wrapper) { + print CF "\tinterfaces = $interfaces\n"; + } + print CF " + private dir = $clientdir/private + binddns dir = $clientdir/bind-dns + lock dir = $clientdir/lockdir + state directory = $clientdir/statedir + cache directory = $clientdir/cachedir + ncalrpc dir = $clientdir/ncalrpcdir + pid directory = $clientdir/pid + panic action = $RealBin/gdb_backtrace \%d + max xmit = 32K + notify:inotify = false + ldb:nosync = true + system:anonymous = true + client lanman auth = Yes + client min protocol = CORE + log level = $client_loglevel + torture:basedir = $clientdir +#We don't want to run 'speed' tests for very long + torture:timelimit = 1 + winbind separator = / + tls cafile = ${cacert} + tls crlfile = ${cacrl_pem} + tls verify peer = no_check + include system krb5 conf = no + elasticsearch:mappings = $srcdir_abs/source3/rpc_server/mdssvc/elasticsearch_mappings.json +"; + close(CF); +} + +my @todo = (); + +sub should_run_test($) +{ + my $name = shift; + if ($#tests == -1) { + return 1; + } + for (my $i=0; $i <= $#tests; $i++) { + if ($name =~ /$tests[$i]/i) { + return 1; + } + } + return 0; +} + +sub read_testlist($) +{ + my ($filename) = @_; + + my @ret = (); + open(IN, $filename) or die("Unable to open $filename: $!"); + + while (<IN>) { + if (/-- TEST(-LOADLIST|) --\n/) { + my $supports_loadlist = (defined($1) and $1 eq "-LOADLIST"); + my $name = <IN>; + $name =~ s/\n//g; + my $env = <IN>; + $env =~ s/\n//g; + my $loadlist; + if ($supports_loadlist) { + $loadlist = <IN>; + $loadlist =~ s/\n//g; + } + my $cmdline = <IN>; + $cmdline =~ s/\n//g; + if (should_run_test($name) == 1) { + push (@ret, [$name, $env, $cmdline, $loadlist]); + } + } else { + print; + } + } + close(IN) or die("Error creating recipe from $filename"); + return @ret; +} + +if ($#testlists == -1) { + die("No testlists specified"); +} + +$ENV{SELFTEST_PREFIX} = "$prefix_abs"; +$ENV{SELFTEST_TMPDIR} = "$tmpdir_abs"; +$ENV{TMPDIR} = "$tmpdir_abs"; +$ENV{TEST_DATA_PREFIX} = "$tmpdir_abs"; +if ($opt_quick) { + $ENV{SELFTEST_QUICK} = "1"; +} else { + $ENV{SELFTEST_QUICK} = ""; +} +$ENV{SELFTEST_MAXTIME} = $torture_maxtime; + +my $selftest_resolv_conf_path = "$tmpdir_abs/selftest.resolv.conf"; +$ENV{RESOLV_CONF} = "${selftest_resolv_conf_path}.global"; + +my $selftest_krbt_ccache_path = "$tmpdir_abs/selftest.krb5_ccache"; +$ENV{KRB5CCNAME} = "FILE:${selftest_krbt_ccache_path}.global"; + +my $selftest_gnupghome_path = "$tmpdir_abs/selftest.no.gnupg"; +$ENV{GNUPGHOME} = "${selftest_gnupghome_path}.global"; + +my @available = (); +foreach my $fn (@testlists) { + foreach (read_testlist($fn)) { + my $name = $$_[0]; + next if (@includes and not defined(find_in_list(\@includes, $name))); + push (@available, $_); + } +} + +my $restricted = undef; +my $restricted_used = {}; + +if ($opt_load_list) { + $restricted = []; + open(LOAD_LIST, "<$opt_load_list") or die("Unable to open $opt_load_list"); + while (<LOAD_LIST>) { + chomp; + push (@$restricted, $_); + } + close(LOAD_LIST); +} + +my $individual_tests = undef; +$individual_tests = {}; + +foreach my $testsuite (@available) { + my $name = $$testsuite[0]; + my $skipreason = skip(@$testsuite); + if (defined($restricted)) { + # Find the testsuite for this test + my $match = undef; + foreach my $r (@$restricted) { + if ($r eq $name) { + $individual_tests->{$name} = []; + $match = $r; + $restricted_used->{$r} = 1; + } elsif (substr($r, 0, length($name)+1) eq "$name.") { + push(@{$individual_tests->{$name}}, $r); + $match = $r; + $restricted_used->{$r} = 1; + } + } + if ($match) { + if (defined($skipreason)) { + if (not $opt_list) { + Subunit::skip_testsuite($name, $skipreason); + } + } else { + push(@todo, $testsuite); + } + } + } elsif (defined($skipreason)) { + if (not $opt_list) { + Subunit::skip_testsuite($name, $skipreason); + } + } else { + push(@todo, $testsuite); + } +} + +if (defined($restricted)) { + foreach (@$restricted) { + unless (defined($restricted_used->{$_})) { + print "No test or testsuite found matching $_\n"; + } + } +} elsif ($#todo == -1) { + print STDERR "No tests to run\n"; + exit(1); +} + +my $suitestotal = $#todo + 1; + +unless ($opt_list) { + Subunit::progress($suitestotal); + Subunit::report_time(); +} + +my $i = 0; +$| = 1; + +my %running_envs = (); + +sub get_running_env($) +{ + my ($name) = @_; + + my $envname = $name; + + $envname =~ s/:.*//; + + return $running_envs{$envname}; +} + +sub sighandler($) +{ + my $signame = shift; + + $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = 'DEFAULT'; + $SIG{PIPE} = 'IGNORE'; + + open(STDOUT, ">&STDERR") or die "can't dup STDOUT to STDERR: $!"; + + print "$0: PID[$$]: Got SIG${signame} teardown environments.\n"; + teardown_env($_) foreach(keys %running_envs); + system("pstree -p $$"); + print "$0: PID[$$]: Exiting...\n"; + exit(1); +}; + +$SIG{INT} = $SIG{QUIT} = $SIG{TERM} = $SIG{PIPE} = \&sighandler; + +sub setup_env($$) +{ + my ($name, $prefix) = @_; + + my $testenv_vars = undef; + + my $envname = $name; + my $option = $name; + + $envname =~ s/:.*//; + $option =~ s/^[^:]*//; + $option =~ s/^://; + + $option = "client" if $option eq ""; + + # Initially clear out the environment for the provision, so previous envs' + # variables don't leak in. Provisioning steps must explicitly set their + # necessary variables when calling out to other executables + Samba::clear_exported_envvars(); + delete $ENV{SOCKET_WRAPPER_DEFAULT_IFACE}; + delete $ENV{SMB_CONF_PATH}; + + $ENV{RESOLV_CONF} = "${selftest_resolv_conf_path}.${envname}/ignore"; + $ENV{KRB5CCNAME} = "FILE:${selftest_krbt_ccache_path}.${envname}/ignore"; + $ENV{GNUPGHOME} = "${selftest_gnupghome_path}.${envname}/ignore"; + + if (defined(get_running_env($envname))) { + $testenv_vars = get_running_env($envname); + if (not $testenv_vars->{target}->check_env($testenv_vars)) { + print $testenv_vars->{target}->getlog_env($testenv_vars); + $testenv_vars = undef; + } + } else { + $testenv_vars = $target->setup_env($envname, $prefix); + if (not defined($testenv_vars)) { + my $msg = "$opt_target can't start up known environment '$envname'"; + if ($opt_one) { + die($msg); + } + warn $msg; + return; + } + if (ref $testenv_vars ne "HASH") { + return $testenv_vars; + } + if (defined($testenv_vars->{target})) { + $testenv_vars->{target} = $target; + } + } + + return undef unless defined($testenv_vars); + + $running_envs{$envname} = $testenv_vars; + + if ($option eq "local") { + SocketWrapper::set_default_iface($testenv_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); + $ENV{SMB_CONF_PATH} = $testenv_vars->{SERVERCONFFILE}; + } elsif ($option eq "client") { + SocketWrapper::set_default_iface(11); + write_clientconf($conffile, $clientdir, $testenv_vars); + $ENV{SMB_CONF_PATH} = $conffile; + } else { + die("Unknown option[$option] for envname[$envname]"); + } + + # export the environment variables for the testenv (SERVER, SERVER_IP, etc) + Samba::export_envvars($testenv_vars); + + my $krb5_ccache_path = "${selftest_krbt_ccache_path}.${envname}.${option}"; + unlink($krb5_ccache_path); + $ENV{KRB5CCNAME} = "FILE:${krb5_ccache_path}"; + return $testenv_vars; +} + +sub getlog_env($) +{ + my ($envname) = @_; + return "" if ($envname eq "none"); + my $env = get_running_env($envname); + return $env->{target}->getlog_env($env); +} + +sub check_env($) +{ + my ($envname) = @_; + my $env = get_running_env($envname); + return $env->{target}->check_env($env); +} + +sub teardown_env($) +{ + my ($envname) = @_; + return if ($envname eq "none"); + print STDERR "teardown_env($envname)\n"; + my $env = get_running_env($envname); + $env->{target}->teardown_env($env); + delete $running_envs{$envname}; +} + +# This 'global' file needs to be empty when we start +unlink("$prefix_abs/dns_host_file"); +unlink("$prefix_abs/hosts"); + +if ($opt_random_order) { + require List::Util; + my @newtodo = List::Util::shuffle(@todo); + @todo = @newtodo; +} + +if ($opt_testenv) { + my $testenv_name = $ENV{SELFTEST_TESTENV}; + $testenv_name = $testenv_default unless defined($testenv_name); + + my $testenv_vars = setup_env($testenv_name, $prefix); + + if (not $testenv_vars or $testenv_vars eq "UNKNOWN") { + die("Unable to setup environment $testenv_name"); + } + + $ENV{PIDDIR} = $testenv_vars->{PIDDIR}; + $ENV{ENVNAME} = $testenv_name; + + my $envvarstr = Samba::exported_envvars_str($testenv_vars); + + my @term_args = ("echo -e \" +Welcome to the Samba4 Test environment '$testenv_name' + +This matches the client environment used in make test +server is pid `cat \$PIDDIR/samba.pid` + +Some useful environment variables: +TORTURE_OPTIONS=\$TORTURE_OPTIONS +SMB_CONF_PATH=\$SMB_CONF_PATH + +$envvarstr +\" && LD_LIBRARY_PATH=$ENV{LD_LIBRARY_PATH} bash"); + my @term = (); + if ($ENV{TERMINAL}) { + @term = ($ENV{TERMINAL}); + # override the default terminal args (if specified) + if (defined($ENV{TERMINAL_ARGS})) { + @term_args = split(/ /, $ENV{TERMINAL_ARGS}); + } + } else { + @term = ("xterm", "-e"); + unshift(@term_args, ("bash", "-c")); + } + + system(@term, @term_args); + + teardown_env($testenv_name); +} elsif ($opt_list) { + foreach (@todo) { + my $name = $$_[0]; + my $envname = $$_[1]; + my $cmd = $$_[2]; + my $listcmd = $$_[3]; + + unless (defined($listcmd)) { + warn("Unable to list tests in $name"); + # Rather than ignoring this testsuite altogether, just pretend the entire testsuite is + # a single "test". + print "$name\n"; + next; + } + + system($listcmd); + + if ($? == -1) { + die("Unable to run $listcmd: $!"); + } elsif ($? & 127) { + die(sprintf("%s died with signal %d, %s coredump\n", $listcmd, ($? & 127), ($? & 128) ? 'with' : 'without')); + } + + my $exitcode = $? >> 8; + if ($exitcode != 0) { + die("$cmd exited with exit code $exitcode"); + } + } +} else { + foreach (@todo) { + $i++; + my $cmd = $$_[2]; + my $name = $$_[0]; + my $envname = $$_[1]; + my $envvars = setup_env($envname, $prefix); + + if (not defined($envvars)) { + Subunit::start_testsuite($name); + Subunit::end_testsuite($name, "error", + "unable to set up environment $envname - exiting"); + next; + } elsif ($envvars eq "UNKNOWN") { + Subunit::start_testsuite($name); + Subunit::end_testsuite($name, "error", + "environment $envname is unknown - exiting"); + next; + } + + # Generate a file with the individual tests to run, if the + # test runner for this test suite supports it. + if ($individual_tests and $individual_tests->{$name}) { + if ($$_[3]) { + my ($fh, $listid_file) = tempfile(UNLINK => 0); + foreach my $test (@{$individual_tests->{$name}}) { + print $fh substr($test, length($name)+1) . "\n"; + } + $cmd =~ s/\$LOADLIST/--load-list=$listid_file/g; + } else { + warn("Unable to run individual tests in $name, it does not support --loadlist."); + } + } + + run_testsuite($envname, $name, $cmd, $i, $suitestotal); + + teardown_env($envname) if ($opt_resetup_env); + } +} + +print "\n"; + +teardown_env($_) foreach (keys %running_envs); + +my $failed = 0; + +# if there were any valgrind failures, show them +foreach (<$prefix/valgrind.log*>) { + next unless (-s $_); + print "VALGRIND FAILURE\n"; + $failed++; + system("cat $_"); +} +exit 0; diff --git a/selftest/selftest.pl.1 b/selftest/selftest.pl.1 new file mode 100644 index 0000000..f33b810 --- /dev/null +++ b/selftest/selftest.pl.1 @@ -0,0 +1,78 @@ +.IX Title "SELFTEST 1" +.TH SELFTEST 1 "2012-02-24" "selftest" "Samba" +.if n .ad l +.nh +.SH "NAME" +selftest \- Samba test runner +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +selftest \-\-help +.PP +selftest [\-\-srcdir=DIR] [\-\-bindir=DIR] [\-\-target=samba|samba3|win] [\-\-socket\-wrapper] [\-\-quick] [\-\-exclude=FILE] [\-\-include=FILE] [\-\-one] [\-\-prefix=prefix] [\-\-testlist=FILE] [\s-1TESTS\s0] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A simple test runner. \s-1TESTS\s0 is a regular expression with tests to run. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fI\-\-help\fR" 4 +.IX Item "--help" +Show list of available options. +.IP "\fI\-\-srcdir=DIR\fR" 4 +.IX Item "--srcdir=DIR" +Source directory. +.IP "\fI\-\-bindir=DIR\fR" 4 +.IX Item "--bindir=DIR" +Built binaries directory. +.IP "\fI\-\-prefix=DIR\fR" 4 +.IX Item "--prefix=DIR" +Change directory to run tests in. Default is 'st'. +.IP "\fI\-\-target samba|samba3|win\fR" 4 +.IX Item "--target samba|samba3|win" +Specify test target against which to run. Default is 'samba4'. +.IP "\fI\-\-quick\fR" 4 +.IX Item "--quick" +Run only a limited number of tests. Intended to run in about 30 seconds on +moderately recent systems. +.IP "\fI\-\-socket\-wrapper\fR" 4 +.IX Item "--socket-wrapper" +Use socket wrapper library for communication with server. Only works +when the server is running locally. +.Sp +Will prevent \s-1TCP\s0 and \s-1UDP\s0 ports being opened on the local host but +(transparently) redirects these calls to use unix domain sockets. +.IP "\fI\-\-exclude\fR" 4 +.IX Item "--exclude" +Specify a file containing a list of tests that should be skipped. Possible +candidates are tests that segfault the server, flip or don't end. +.IP "\fI\-\-include\fR" 4 +.IX Item "--include" +Specify a file containing a list of tests that should be run. Same format +as the \-\-exclude flag. +.Sp +Not includes specified means all tests will be run. +.IP "\fI\-\-one\fR" 4 +.IX Item "--one" +Abort as soon as one test fails. +.IP "\fI\-\-testlist\fR" 4 +.IX Item "--testlist" +Load a list of tests from the specified location. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fI\s-1SMBD_VALGRIND\s0\fR" 4 +.IX Item "SMBD_VALGRIND" +.PD 0 +.IP "\fI\s-1TORTURE_MAXTIME\s0\fR" 4 +.IX Item "TORTURE_MAXTIME" +.IP "\fI\s-1VALGRIND\s0\fR" 4 +.IX Item "VALGRIND" +.IP "\fI\s-1TLS_ENABLED\s0\fR" 4 +.IX Item "TLS_ENABLED" +.IP "\fIsrcdir\fR" 4 +.IX Item "srcdir" +.PD +.SH "LICENSE" +.IX Header "LICENSE" +selftest is licensed under the \s-1GNU\s0 General Public License <http://www.gnu.org/licenses/gpl.html>. +.SH "AUTHOR" +.IX Header "AUTHOR" +Pidl was written by Jelmer Vernooij. diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py new file mode 100644 index 0000000..1af8f5f --- /dev/null +++ b/selftest/selftesthelpers.py @@ -0,0 +1,229 @@ +#!/usr/bin/env python3 +# +# This script generates a list of testsuites that should be run as part of +# the Samba 4 test suite. + +# The output of this script is parsed by selftest.pl, which then decides +# which of the tests to actually run. It will, for example, skip all tests +# listed in selftest/skip or only run a subset during "make quicktest". + +# The idea is that this script outputs all of the tests of Samba 4, not +# just those that are known to pass, and list those that should be skipped +# or are known to fail in selftest/skip or selftest/knownfail. This makes it +# very easy to see what functionality is still missing in Samba 4 and makes +# it possible to run the testsuite against other servers, such as Samba 3 or +# Windows that have a different set of features. + +# The syntax for a testsuite is "-- TEST --" on a single line, followed +# by the name of the test, the environment it needs and the command to run, all +# three separated by newlines. All other lines in the output are considered +# comments. + +import os +import subprocess +import sys + + +def srcdir(): + alternate_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..") + return os.path.normpath(os.getenv("SRCDIR", alternate_path)) + + +def source4dir(): + return os.path.normpath(os.path.join(srcdir(), "source4")) + + +def source3dir(): + return os.path.normpath(os.path.join(srcdir(), "source3")) + + +def bindir(): + return os.path.normpath(os.getenv("BINDIR", "./bin")) + + +def binpath(name): + return os.path.join(bindir(), name) + + +# Split perl variable to allow $PERL to be set to e.g. "perl -W" +perl = os.getenv("PERL", "perl").split() + +if subprocess.call(perl + ["-e", "eval require Test::More;"]) == 0: + has_perl_test_more = True +else: + has_perl_test_more = False + +python = os.getenv("PYTHON", "python") + +tap2subunit = python + " " + os.path.join(srcdir(), "selftest", "tap2subunit") + + +def valgrindify(cmdline): + """Run a command under valgrind, if $VALGRIND was set.""" + valgrind = os.getenv("VALGRIND") + if valgrind is None: + return cmdline + return valgrind + " " + cmdline + + +def plantestsuite(name, env, cmd, environ={}): + """Plan a test suite. + + :param name: Testsuite name + :param env: Environment to run the testsuite in + :param cmdline: Command line to run + """ + print("-- TEST --") + if env == "none": + fullname = name + else: + fullname = "%s(%s)" % (name, env) + print(fullname) + print(env) + + cmdline = "" + if environ: + environ = dict(environ) + cmdline_env = ["%s=%s" % item for item in environ.items()] + cmdline = " ".join(cmdline_env) + " " + + if isinstance(cmd, list): + cmdline += " ".join(cmd) + else: + cmdline += cmd + + if "$LISTOPT" in cmdline: + raise AssertionError("test %s supports --list, but not --load-list" % name) + print(cmdline + " 2>&1 " + " | " + add_prefix(name, env)) + + +def add_prefix(prefix, env, support_list=False): + if support_list: + listopt = "$LISTOPT " + else: + listopt = "" + return ("%s %s/selftest/filter-subunit %s--fail-on-empty --prefix=\"%s.\" --suffix=\"(%s)\"" % + (python, srcdir(), listopt, prefix, env)) + + +def plantestsuite_loadlist(name, env, cmdline): + print("-- TEST-LOADLIST --") + if env == "none": + fullname = name + else: + fullname = "%s(%s)" % (name, env) + print(fullname) + print(env) + if isinstance(cmdline, list): + cmdline = " ".join(cmdline) + support_list = ("$LISTOPT" in cmdline) + if "$LISTOPT" not in cmdline: + raise AssertionError("loadlist test %s does not support not --list" % name) + if "$LOADLIST" not in cmdline: + raise AssertionError("loadlist test %s does not support --load-list" % name) + print(("%s | %s" % + (cmdline.replace("$LOADLIST", ""), + add_prefix(name, env, support_list))).replace("$LISTOPT", "--list ")) + print(cmdline.replace("$LISTOPT", "") + " 2>&1 " + " | " + add_prefix(name, env, False)) + + +def skiptestsuite(name, reason): + """Indicate that a testsuite was skipped. + + :param name: Test suite name + :param reason: Reason the test suite was skipped + """ + # FIXME: Report this using subunit, but re-adjust the testsuite count somehow + print("skipping %s (%s)" % (name, reason), file=sys.stderr) + + +def planperltestsuite(name, path): + """Run a perl test suite. + + :param name: Name of the test suite + :param path: Path to the test runner + """ + if has_perl_test_more: + plantestsuite(name, "none", "%s %s | %s" % (" ".join(perl), path, tap2subunit)) + else: + skiptestsuite(name, "Test::More not available") + + +def planpythontestsuite(env, module, name=None, extra_path=[], environ={}, extra_args=[]): + environ = dict(environ) + py_path = list(extra_path) + if py_path is not None: + environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path) + args = ["%s=%s" % item for item in environ.items()] + args += [python, "-m", "samba.subunit.run", "$LISTOPT", "$LOADLIST", module] + args += extra_args + if name is None: + name = module + + plantestsuite_loadlist(name, env, args) + + +def get_env_torture_options(): + ret = [] + if not os.getenv("SELFTEST_VERBOSE"): + ret.append("--option=torture:progress=no") + if os.getenv("SELFTEST_QUICK"): + ret.append("--option=torture:quick=yes") + return ret + + +samba4srcdir = source4dir() +samba3srcdir = source3dir() +bbdir = os.path.join(srcdir(), "testprogs/blackbox") +configuration = "--configfile=$SMB_CONF_PATH" + +smbtorture4 = binpath("smbtorture") +smbtorture4_testsuite_list = subprocess.Popen( + [smbtorture4, "--list-suites"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE).communicate("")[0].decode('utf8').splitlines() + +smbtorture4_options = [ + configuration, + "--option=\'fss:sequence timeout=1\'", + "--maximum-runtime=$SELFTEST_MAXTIME", + "--basedir=$SELFTEST_TMPDIR", + "--format=subunit" +] + get_env_torture_options() + + +def plansmbtorture4testsuite(name, env, options, target, modname=None, environ={}): + if modname is None: + modname = "samba4.%s" % name + if isinstance(options, list): + options = " ".join(options) + options = " ".join(smbtorture4_options + ["--target=%s" % target]) + " " + options + cmdline = "" + if environ: + environ = dict(environ) + cmdline_env = ["%s=%s" % item for item in environ.items()] + cmdline += " ".join(cmdline_env) + " " + cmdline += " %s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) + plantestsuite_loadlist(modname, env, cmdline) + + +def smbtorture4_testsuites(prefix): + return list(filter(lambda x: x.startswith(prefix), smbtorture4_testsuite_list)) + + +smbclient3 = binpath('smbclient') +smbtorture3 = binpath('smbtorture3') +ntlm_auth3 = binpath('ntlm_auth') +net = binpath('net') +scriptdir = os.path.join(srcdir(), "script/tests") + +wbinfo = binpath('wbinfo') +dbwrap_tool = binpath('dbwrap_tool') +vfstest = binpath('vfstest') +smbcquotas = binpath('smbcquotas') +smbget = binpath('smbget') +rpcclient = binpath('rpcclient') +smbcacls = binpath('smbcacls') +smbcontrol = binpath('smbcontrol') +smbstatus = binpath('smbstatus') +timelimit = binpath('timelimit') diff --git a/selftest/skip b/selftest/skip new file mode 100644 index 0000000..d5cc786 --- /dev/null +++ b/selftest/skip @@ -0,0 +1,150 @@ +# This file contains a list of regular expressions matching testsuites that +# should be skipped during "make test". +# +# Possible reasons for adding a testsuite here: +# * Testsuite functionality not implemented on the server side +# * Testsuite crashes during run +# * Testsuite crashes server +# * Testsuite contains "flapping" tests (sometimes success, sometimes failure) +# * Testsuite hangs indefinitely +# +# If a testsuite is partially succeeding, please list the failing bits +# in the selftest/knownfail file rather than disabling the testsuite completely. +# That way those tests that do succeed still get run and we will be notified +# if a known failing test suddenly starts succeeding. +# +# If a testsuite is very slow, please add it to selftest/slow instead. +# This way it will still get run in "make slowtest" +# +# Please add a comment for each testsuite you disable explaining why +# it is being skipped. +^samba3.smbtorture_s3.*.randomipc +^samba3.smbtorture_s3.*.negnowait +^samba3.smbtorture_s3.*.nbench +^samba3.smbtorture_s3.*.errmapextract +^samba3.smbtorture_s3.*.trans2scan +^samba3.smbtorture_s3.*.nttransscan +^samba3.smbtorture_s3.*.deny1 +^samba3.smbtorture_s3.*.deny2 +^samba3.smbtorture_s3.*.openattr +^samba3.smbtorture_s3.*.casetable +^samba3.smbtorture_s3.*.eatest +^samba3.smbtorture_s3.*.mangle +^samba3.smbtorture_s3.*.utable +^samba3.smbtorture_s3.*.pipe_number +^samba3.smbtorture_s3.LOCAL-DBTRANS #hangs for some reason +^samba3.smbtorture_s3.*.DIR1 #loops on 64 bit linux with ext4 +^samba3.smbtorture_s3.plain.LOCK9.*\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.OPLOCK2\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.STREAMERROR\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.DIR1\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.DIR-CREATETIME\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.DELETE-LN\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.UID-REGRESSION-TEST\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.SHORTNAME-TEST\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.RENAME-ACCESS\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.OWNER-RIGHTS\(ad_dc_ntvfs\) # Don't test against the s4 ntvfs server anymore +^samba3.smbtorture_s3.plain.PIDHIGH\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.NTTRANS-FSCTL\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.SMB2-NEGPROT\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.BAD-NBT-SESSION\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.SMB2-SESSION-REAUTH\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.SMB2-SESSION-RECONNECT\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server +^samba3.*base.charset +^samba3.*raw.context +^samba3.*raw.ioctl +^samba3.*raw.qfileinfo +^samba3.*raw.qfsinfo +^samba3.*raw.sfileinfo.base +^samba3.smb2.hold-oplock # Not a test, but a way to block other clients for a test +^samba3.smb2.hold-sharemode # Not a test, but a way to block other clients for a test +^samba3.smb2.check-sharemode # Not a test, but a way to test sharemodes outside of Samba +^samba3.smb2.set-sparse-ioctl # For manual testing, needs additional parameters. +^samba3.smb2.zero-data-ioctl # For manual testing, needs additional parameters. +^samba3.smb2.durable-open-disconnect # Not a test, but a way to create a disconnected durable +^samba3.smb2.scan # No tests +^samba3.smb2.oplock.levelii501 # No test yet +^samba3.smb2.timestamp_resolution # See the comment on the test +^samba4.smb2.timestamp_resolution +^samba3.rpc.samr.passwords.lockout\(ad_dc\) # No point running this version, it just waits 12 times longer the samba4 version of this test, covering the same code +^samba4.base.iometer +^samba4.base.casetable +^samba4.base.nttrans +^samba4.base.scan.maxfid +^samba4.raw.eas +^samba4.raw.hold-oplock # Not a test, but a way to block other clients for a test +^samba4.smb2.hold-oplock # Not a test, but a way to block other clients for a test +^samba4.smb2.hold-sharemode # Not a test, but a way to block other clients for a test +^samba4.smb2.check-sharemode # Not a test, but a way to test sharemodes outside of Samba +^samba4.smb2.set-sparse-ioctl # For manual testing, needs additional parameters. +^samba4.smb2.zero-data-ioctl # For manual testing, needs additional parameters. +^samba4.raw.ping.pong # Needs second server to test +^samba4.rpc.samr.accessmask +^samba4.raw.scan.eamax +^samba4.smb2.samba3misc +^samba4.smb2.notify +^samba4.smb2.scan +^samba4.smb2.lease +^samba4.smb2.durable-open +^samba4.smb2.durable-v2-open +^samba4.smb2.dir +^samba4.smb2.session +^samba4.smb2.compound +^samba4.smb2.multichannel +^samba4.smb2.oplock.levelii501 # No test yet +# SMB2 in s4 does not seem to support rename correctly +^samba4.smb2.rename.*\(ad_dc_ntvfs\)$ +# some operations don't work over the CIFS NTVFS backend yet (eg. root_fid) +^samba4.ntvfs.cifs.*.base.createx_sharemodes_dir +^samba4.ntvfs.cifs.*.base.charset +^samba4.ntvfs.cifs.*.base.iometer +^samba4.ntvfs.cifs.*.base.casetable +^samba4.ntvfs.cifs.*.base.nttrans +^samba4.ntvfs.cifs.*.base.scan-maxfid +^samba4.ntvfs.cifs.*.base.utable +^samba4.ntvfs.cifs.*.base.smb +^samba4.ntvfs.cifs.*.raw. +^samba4.rpc.samsync +^samba4.rpc.remact # Not provided by Samba 4 +^samba4.rpc.oxidresolve # Not provided by Samba 4 +^samba4.rpc.eventlog # Not provided by Samba 4 +^samba4.rpc.initshutdown # Not provided by Samba 4 +^samba4.rpc.spoolss # Not provided by Samba 4 +^samba4.rpc.svcctl # Not provided by Samba 4 +^samba4.rpc.atsvc # Not provided by Samba 4 +^samba4.rpc.frsapi # Not provided by Samba 4 +^samba4.rpc.ntsvcs # Not provided by Samba 4 +^samba4.rpc.dfs # Not provided by Samba 4 +^samba4.rpc.witness # Not provided by Samba 4 +^samba4.rpc.clusapi # clusapi server support not yet provided +^samba4.rpc.iremotewinspool.*\(ad_dc_default\)$ # Not provided by Samba 4 +^samba4.*.base.samba3.* # Samba3-specific test +^samba4.*.raw.samba3.* # Samba3-specific test +^samba4.rpc..*samba3.* # Samba3-specific test +^samba4.raw.offline # Samba 4 doesn't have much offline support yet +^samba4.rpc.countcalls # this is not useful now we have full IDL +^samba4.rap.basic +^samba4.rap.scan # same thing here - we have docs now +^samba4.rap.printing # Not provided by Samba 4 +^samba4.rap.rpc +^samba4.rap.sam # Not provided by Samba 4 +bench # don't run benchmarks in our selftest +^samba4..*trans2.scan # uses huge number of file descriptors +^samba4.*.base.scan.ioctl # bad idea in make test +^samba4.*.base.scan.pipe_number # bad idea in make test +^samba4.*.base.secleak # no point on build farm +^samba4.*.base.delaywrite # This is randomly failing, depending on timing and filesystem features +^samba4.*.base.winattr +^samba4.*.base.birthtime +^samba4.*base.defer_open +^samba4.smb2.acls # new test which doesn't pass yet +^samba4.smb2.sdread +# ktutil might not be installed or from mit... +# we should build a samba4ktutil and use that instead +^samba4.blackbox.ktpass # this test isn't portable ... +^samba.tests.dcerpc.unix # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use +^samba4.smb2.mangle.*\(ad_dc_ntvfs\)$ # Ignore ad_dc_ntvfs since this is a new test +^samba4.smb2.tcon.*\(ad_dc_ntvfs\)$ # Ignore ad_dc_ntvfs since this is a new test +^samba4.smb2.mkdir.*\(ad_dc_ntvfs\)$ # Ignore ad_dc_ntvfs since this is a new test diff --git a/selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X b/selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X new file mode 100644 index 0000000..9ec679d --- /dev/null +++ b/selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X @@ -0,0 +1,6 @@ +# GSS_KRB5_CRED_NO_CI_FLAGS_X is not available in older MIT releases (< 1.14) +^samba3.rpc.lsa.lookupsids.krb5.*ncacn.*packet.*ktest +^samba3.rpc.lsa.lookupsids.krb5.*ncacn.*sign.*ktest +^samba3.blackbox.rpcclient.krb5.*ncacn.*krb5\].*ktest +^samba3.blackbox.rpcclient.krb5.*ncacn.*packet\].*ktest +^samba3.blackbox.rpcclient.krb5.*ncacn.*sign\].*ktest diff --git a/selftest/skip.opath-required b/selftest/skip.opath-required new file mode 100644 index 0000000..0faf0c4 --- /dev/null +++ b/selftest/skip.opath-required @@ -0,0 +1,9 @@ +# Opening O_RDONLY screws kernel oplocks which is not a problem +# as only Linux has kernel oplocks and as Linux has O_PATH, we +# don't need O_RDONLY in the first place. +^samba3.smb2.kernel-oplocks.* +^samba3.smbtorture_s3.plain.OPLOCK5.* +# +# These fail because become_root() doesn't work in make test +^samba3.blackbox.dropbox.* +^samba3.raw.samba3hide.* diff --git a/selftest/skip_mit_kdc b/selftest/skip_mit_kdc new file mode 100644 index 0000000..4a51c98 --- /dev/null +++ b/selftest/skip_mit_kdc @@ -0,0 +1,5 @@ +# We do not support RODC yet +.*rodc +.*RODC +^samba4.ntvfs.cifs.ntlm.base.unlink +^samba4.ntvfs.cifs.krb5.base.unlink diff --git a/selftest/skip_mit_kdc_pre_1_20 b/selftest/skip_mit_kdc_pre_1_20 new file mode 100644 index 0000000..aa6c418 --- /dev/null +++ b/selftest/skip_mit_kdc_pre_1_20 @@ -0,0 +1,2 @@ +^samba4.blackbox.pkinit_simple +^samba4.blackbox.pkinit_pac diff --git a/selftest/slow b/selftest/slow new file mode 100644 index 0000000..7c2090c --- /dev/null +++ b/selftest/slow @@ -0,0 +1,9 @@ +# This file contains regexes matching tests that are very slow and +# should be skipped during a normal test run. +.*base.bench.holdcon.* # Slow +raw.bench.lookup # Slow +base.utable # Slow +base.smb # Slow +rpc.scanner # Slow +ntvfs.cifs.base.delaywrite # It's a slow test and having it on the proxy share is not needed +.*stress.* # Slow diff --git a/selftest/slow-none b/selftest/slow-none new file mode 100644 index 0000000..34b2608 --- /dev/null +++ b/selftest/slow-none @@ -0,0 +1,23 @@ +# This file to have control over where in autobuild the slower "none" +# tests are running, to avoid really slow tests being run on multiple +# hosts that host the samba-o3 job. +^samba.tests.docs +^ldb.python +^samba.tests.dsdb_lock +^samba4.blackbox.upgradeprovision.alpha13 +^samba4.blackbox.upgradeprovision.release-4-0-0 +^samba.tests.domain_backup_offline +^samba.tests.samba_tool.help +^samba4.blackbox.schemaupgrade +^samba4.blackbox.group.py +^samba4.blackbox.provision.py +^samba4.blackbox.upgradeprovision.current +^samba.tests.usage +^samba4.blackbox.dbcheck.release-4-0-0 +^samba4.blackbox.dbcheck.release-4-0-0.quick +^samba4.blackbox.dbcheck-links.release-4-5-0-pre1 +^samba4.blackbox.dbcheck.release-4-1-0rc3 +^samba4.blackbox.dbcheck.release-4-1-0rc3.quick +^samba.tests.samba_tool.visualize +^samba4.blackbox.functionalprep +^samba4.blackbox.dbcheck.alpha13.quick diff --git a/selftest/subunithelper.py b/selftest/subunithelper.py new file mode 100644 index 0000000..801149f --- /dev/null +++ b/selftest/subunithelper.py @@ -0,0 +1,729 @@ +# Python module for parsing and generating the Subunit protocol +# (Samba-specific) +# Copyright (C) 2008-2009 Jelmer Vernooij <jelmer@samba.org> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +__all__ = ['parse_results'] + +import datetime +import re +import sys +import os +from samba import subunit +from samba.subunit.run import TestProtocolClient +import unittest +try: + from dateutil.parser import isoparse as iso_parse_date +except ImportError: + try: + from iso8601 import parse_date as iso_parse_date; + except ImportError: + print('Install either python-dateutil >= 2.7.1 or python-iso8601') + + +VALID_RESULTS = set(['success', 'successful', 'failure', 'fail', 'skip', + 'knownfail', 'error', 'xfail', 'skip-testsuite', + 'testsuite-failure', 'testsuite-xfail', + 'testsuite-success', 'testsuite-error', + 'uxsuccess', 'testsuite-uxsuccess']) + + +class TestsuiteEnabledTestResult(unittest.TestResult): + + def start_testsuite(self, name): + raise NotImplementedError(self.start_testsuite) + + +def parse_results(msg_ops, statistics, fh): + exitcode = 0 + open_tests = {} + + for l in fh: + parts = l.split(None, 1) + if not len(parts) == 2 or not l.startswith(parts[0]): + msg_ops.output_msg(l) + continue + command = parts[0].rstrip(":") + arg = parts[1] + if command in ("test", "testing"): + msg_ops.control_msg(l) + name = arg.rstrip() + test = subunit.RemotedTestCase(name) + if name in open_tests: + msg_ops.addError(open_tests.pop(name), subunit.RemoteError(u"Test already running")) + msg_ops.startTest(test) + open_tests[name] = test + elif command == "time": + msg_ops.control_msg(l) + try: + dt = iso_parse_date(arg.rstrip("\n")) + except TypeError as e: + print("Unable to parse time line: %s" % arg.rstrip("\n")) + else: + msg_ops.time(dt) + elif command in VALID_RESULTS: + msg_ops.control_msg(l) + result = command + grp = re.match("(.*?)( \[)?([ \t]*)( multipart)?\n", arg) + (testname, hasreason) = (grp.group(1), grp.group(2)) + if hasreason: + reason = "" + # reason may be specified in next lines + terminated = False + for l in fh: + msg_ops.control_msg(l) + if l == "]\n": + terminated = True + break + else: + reason += l + + if isinstance(reason, bytes): + remote_error = subunit.RemoteError(reason.decode("utf-8")) + else: + remote_error = subunit.RemoteError(reason) + + if not terminated: + statistics['TESTS_ERROR'] += 1 + msg_ops.addError(subunit.RemotedTestCase(testname), + subunit.RemoteError(u"result (%s) reason (%s) interrupted" % (result, reason))) + return 1 + else: + reason = None + remote_error = subunit.RemoteError(u"No reason specified") + if result in ("success", "successful"): + try: + test = open_tests.pop(testname) + except KeyError: + statistics['TESTS_ERROR'] += 1 + exitcode = 1 + msg_ops.addError(subunit.RemotedTestCase(testname), subunit.RemoteError(u"Test was never started")) + else: + statistics['TESTS_EXPECTED_OK'] += 1 + msg_ops.addSuccess(test) + elif result in ("xfail", "knownfail"): + try: + test = open_tests.pop(testname) + except KeyError: + statistics['TESTS_ERROR'] += 1 + exitcode = 1 + msg_ops.addError(subunit.RemotedTestCase(testname), subunit.RemoteError(u"Test was never started")) + else: + statistics['TESTS_EXPECTED_FAIL'] += 1 + msg_ops.addExpectedFailure(test, remote_error) + elif result in ("uxsuccess", ): + try: + test = open_tests.pop(testname) + except KeyError: + statistics['TESTS_ERROR'] += 1 + exitcode = 1 + msg_ops.addError(subunit.RemotedTestCase(testname), subunit.RemoteError(u"Test was never started")) + else: + statistics['TESTS_UNEXPECTED_OK'] += 1 + msg_ops.addUnexpectedSuccess(test) + exitcode = 1 + elif result in ("failure", "fail"): + try: + test = open_tests.pop(testname) + except KeyError: + statistics['TESTS_ERROR'] += 1 + exitcode = 1 + msg_ops.addError(subunit.RemotedTestCase(testname), subunit.RemoteError(u"Test was never started")) + else: + statistics['TESTS_UNEXPECTED_FAIL'] += 1 + exitcode = 1 + msg_ops.addFailure(test, remote_error) + elif result == "skip": + statistics['TESTS_SKIP'] += 1 + # Allow tests to be skipped without prior announcement of test + try: + test = open_tests.pop(testname) + except KeyError: + test = subunit.RemotedTestCase(testname) + msg_ops.addSkip(test, reason) + elif result == "error": + statistics['TESTS_ERROR'] += 1 + exitcode = 1 + try: + test = open_tests.pop(testname) + except KeyError: + test = subunit.RemotedTestCase(testname) + msg_ops.addError(test, remote_error) + elif result == "skip-testsuite": + msg_ops.skip_testsuite(testname) + elif result == "testsuite-success": + msg_ops.end_testsuite(testname, "success", reason) + elif result == "testsuite-failure": + msg_ops.end_testsuite(testname, "failure", reason) + exitcode = 1 + elif result == "testsuite-xfail": + msg_ops.end_testsuite(testname, "xfail", reason) + elif result == "testsuite-uxsuccess": + msg_ops.end_testsuite(testname, "uxsuccess", reason) + exitcode = 1 + elif result == "testsuite-error": + msg_ops.end_testsuite(testname, "error", reason) + exitcode = 1 + else: + raise AssertionError("Recognized but unhandled result %r" % + result) + elif command == "testsuite": + msg_ops.start_testsuite(arg.strip()) + elif command == "progress": + arg = arg.strip() + if arg == "pop": + msg_ops.progress(None, subunit.PROGRESS_POP) + elif arg == "push": + msg_ops.progress(None, subunit.PROGRESS_PUSH) + elif arg[0] in '+-': + msg_ops.progress(int(arg), subunit.PROGRESS_CUR) + else: + msg_ops.progress(int(arg), subunit.PROGRESS_SET) + else: + msg_ops.output_msg(l) + + while open_tests: + test = subunit.RemotedTestCase(open_tests.popitem()[1]) + msg_ops.addError(test, subunit.RemoteError(u"was started but never finished!")) + statistics['TESTS_ERROR'] += 1 + exitcode = 1 + + return exitcode + + +class SubunitOps(TestProtocolClient, TestsuiteEnabledTestResult): + + def progress(self, count, whence): + if whence == subunit.PROGRESS_POP: + self._stream.write("progress: pop\n") + elif whence == subunit.PROGRESS_PUSH: + self._stream.write("progress: push\n") + elif whence == subunit.PROGRESS_SET: + self._stream.write("progress: %d\n" % count) + elif whence == subunit.PROGRESS_CUR: + raise NotImplementedError + + # The following are Samba extensions: + def start_testsuite(self, name): + self._stream.write("testsuite: %s\n" % name) + + def skip_testsuite(self, name, reason=None): + if reason: + self._stream.write("skip-testsuite: %s [\n%s\n]\n" % (name, reason)) + else: + self._stream.write("skip-testsuite: %s\n" % name) + + def end_testsuite(self, name, result, reason=None): + if reason: + self._stream.write("testsuite-%s: %s [\n%s\n]\n" % (result, name, reason)) + else: + self._stream.write("testsuite-%s: %s\n" % (result, name)) + + def output_msg(self, msg): + self._stream.write(msg) + + +def read_test_regexes(*names): + ret = [] + files = [] + for name in names: + # if we are given a directory, we read all the files it contains + # (except the ones that end with "~"). + if os.path.isdir(name): + files.extend([os.path.join(name, x) + for x in os.listdir(name) + if x[-1] != '~']) + else: + files.append(name) + + for filename in files: + with open(filename, 'r') as f: + for l in f: + l = l.strip() + if l == "" or l[0] == "#": + continue + if "#" in l: + (regex, reason) = l.split("#", 1) + ret.append(re.compile(regex.strip())) + else: + ret.append(re.compile(l)) + + return ret + + +def find_in_list(regexes, fullname): + for regex in regexes: + if regex.match(fullname): + return True + return False + + +class ImmediateFail(Exception): + """Raised to abort immediately.""" + + def __init__(self): + super(ImmediateFail, self).__init__("test failed and fail_immediately set") + + +class FilterOps(unittest.TestResult): + + def control_msg(self, msg): + pass # We regenerate control messages, so ignore this + + def time(self, time): + self._ops.time(time) + + def progress(self, delta, whence): + self._ops.progress(delta, whence) + + def output_msg(self, msg): + if self.output is None: + sys.stdout.write(msg) + else: + self.output += msg + + def startTest(self, test): + self.seen_output = True + test = self._add_prefix(test) + if self.strip_ok_output: + self.output = "" + + self._ops.startTest(test) + + def _add_prefix(self, test): + return subunit.RemotedTestCase(self.prefix + test.id() + self.suffix) + + def addError(self, test, err=None): + test = self._add_prefix(test) + self.error_added += 1 + self.total_error += 1 + self._ops.addError(test, err) + self._ops.writeOutcome(test) + self.output = None + if self.fail_immediately: + raise ImmediateFail() + + def addSkip(self, test, reason=None): + self.seen_output = True + test = self._add_prefix(test) + self._ops.addSkip(test, reason) + self._ops.writeOutcome(test) + self.output = None + + def addExpectedFailure(self, test, err=None): + test = self._add_prefix(test) + self._ops.addExpectedFailure(test, err) + self._ops.writeOutcome(test) + self.output = None + + def addUnexpectedSuccess(self, test): + test = self._add_prefix(test) + self.uxsuccess_added += 1 + self.total_uxsuccess += 1 + self._ops.addUnexpectedSuccess(test) + self._ops.writeOutcome(test) + if self.output: + self._ops.output_msg(self.output) + self.output = None + if self.fail_immediately: + raise ImmediateFail() + + def addFailure(self, test, err=None): + test = self._add_prefix(test) + xfail = find_in_list(self.expected_failures, test.id()) + if not xfail: + xfail = find_in_list(self.flapping, test.id()) + if xfail: + self.xfail_added += 1 + self.total_xfail += 1 + self._ops.addExpectedFailure(test, err) + self._ops.writeOutcome(test) + else: + self.fail_added += 1 + self.total_fail += 1 + self._ops.addFailure(test, err) + self._ops.writeOutcome(test) + if self.output: + self._ops.output_msg(self.output) + if self.fail_immediately: + raise ImmediateFail() + self.output = None + + def addSuccess(self, test): + test = self._add_prefix(test) + xfail = find_in_list(self.expected_failures, test.id()) + if xfail: + self.uxsuccess_added += 1 + self.total_uxsuccess += 1 + self._ops.addUnexpectedSuccess(test) + self._ops.writeOutcome(test) + if self.output: + self._ops.output_msg(self.output) + if self.fail_immediately: + raise ImmediateFail() + else: + self._ops.addSuccess(test) + self._ops.writeOutcome(test) + self.output = None + + def skip_testsuite(self, name, reason=None): + self._ops.skip_testsuite(name, reason) + + def start_testsuite(self, name): + self._ops.start_testsuite(name) + self.error_added = 0 + self.fail_added = 0 + self.xfail_added = 0 + self.uxsuccess_added = 0 + + def end_testsuite(self, name, result, reason=None): + xfail = False + + if self.xfail_added > 0: + xfail = True + if self.fail_added > 0 or self.error_added > 0 or self.uxsuccess_added > 0: + xfail = False + + if xfail and result in ("fail", "failure"): + result = "xfail" + + if self.uxsuccess_added > 0 and result != "uxsuccess": + result = "uxsuccess" + if reason is None: + reason = "Subunit/Filter Reason" + reason += "\n uxsuccess[%d]" % self.uxsuccess_added + + if self.fail_added > 0 and result != "failure": + result = "failure" + if reason is None: + reason = "Subunit/Filter Reason" + reason += "\n failures[%d]" % self.fail_added + + if self.error_added > 0 and result != "error": + result = "error" + if reason is None: + reason = "Subunit/Filter Reason" + reason += "\n errors[%d]" % self.error_added + + self._ops.end_testsuite(name, result, reason) + if result not in ("success", "xfail"): + if self.output: + self._ops.output_msg(self.output) + if self.fail_immediately: + raise ImmediateFail() + self.output = None + + def __init__(self, out, prefix=None, suffix=None, expected_failures=None, + strip_ok_output=False, fail_immediately=False, + flapping=None): + self._ops = out + self.seen_output = False + self.output = None + self.prefix = prefix + self.suffix = suffix + if expected_failures is not None: + self.expected_failures = expected_failures + else: + self.expected_failures = [] + if flapping is not None: + self.flapping = flapping + else: + self.flapping = [] + self.strip_ok_output = strip_ok_output + self.xfail_added = 0 + self.fail_added = 0 + self.uxsuccess_added = 0 + self.total_xfail = 0 + self.total_error = 0 + self.total_fail = 0 + self.total_uxsuccess = 0 + self.error_added = 0 + self.fail_immediately = fail_immediately + + +class PerfFilterOps(unittest.TestResult): + + def progress(self, delta, whence): + pass + + def output_msg(self, msg): + pass + + def control_msg(self, msg): + pass + + def skip_testsuite(self, name, reason=None): + self._ops.skip_testsuite(name, reason) + + def start_testsuite(self, name): + self.suite_has_time = False + + def end_testsuite(self, name, result, reason=None): + pass + + def _add_prefix(self, test): + return subunit.RemotedTestCase(self.prefix + test.id() + self.suffix) + + def time(self, time): + self.latest_time = time + #self._ops.output_msg("found time %s\n" % time) + self.suite_has_time = True + + def get_time(self): + if self.suite_has_time: + return self.latest_time + return datetime.datetime.utcnow() + + def startTest(self, test): + self.seen_output = True + test = self._add_prefix(test) + self.starts[test.id()] = self.get_time() + + def addSuccess(self, test): + test = self._add_prefix(test) + tid = test.id() + if tid not in self.starts: + self._ops.addError(test, "%s succeeded without ever starting!" % tid) + delta = self.get_time() - self.starts[tid] + self._ops.output_msg("elapsed-time: %s: %f\n" % (tid, delta.total_seconds())) + + def addFailure(self, test, err=''): + tid = test.id() + delta = self.get_time() - self.starts[tid] + self._ops.output_msg("failure: %s failed after %f seconds (%s)\n" % + (tid, delta.total_seconds(), err)) + + def addError(self, test, err=''): + tid = test.id() + delta = self.get_time() - self.starts[tid] + self._ops.output_msg("error: %s failed after %f seconds (%s)\n" % + (tid, delta.total_seconds(), err)) + + def __init__(self, out, prefix='', suffix=''): + self._ops = out + self.prefix = prefix or '' + self.suffix = suffix or '' + self.starts = {} + self.seen_output = False + self.suite_has_time = False + + +class PlainFormatter(TestsuiteEnabledTestResult): + + def __init__(self, verbose, immediate, statistics, + totaltests=None): + super(PlainFormatter, self).__init__() + self.verbose = verbose + self.immediate = immediate + self.statistics = statistics + self.start_time = None + self.test_output = {} + self.suitesfailed = [] + self.suites_ok = 0 + self.skips = {} + self.index = 0 + self.name = None + self._progress_level = 0 + self.totalsuites = totaltests + self.last_time = None + + @staticmethod + def _format_time(delta): + minutes, seconds = divmod(delta.seconds, 60) + hours, minutes = divmod(minutes, 60) + ret = "" + if hours: + ret += "%dh" % hours + if minutes: + ret += "%dm" % minutes + ret += "%ds" % seconds + return ret + + def progress(self, offset, whence): + if whence == subunit.PROGRESS_POP: + self._progress_level -= 1 + elif whence == subunit.PROGRESS_PUSH: + self._progress_level += 1 + elif whence == subunit.PROGRESS_SET: + if self._progress_level == 0: + self.totalsuites = offset + elif whence == subunit.PROGRESS_CUR: + raise NotImplementedError + + def time(self, dt): + if self.start_time is None: + self.start_time = dt + self.last_time = dt + + def start_testsuite(self, name): + self.index += 1 + self.name = name + + if not self.verbose: + self.test_output[name] = "" + + total_tests = (self.statistics['TESTS_EXPECTED_OK'] + + self.statistics['TESTS_EXPECTED_FAIL'] + + self.statistics['TESTS_ERROR'] + + self.statistics['TESTS_UNEXPECTED_FAIL'] + + self.statistics['TESTS_UNEXPECTED_OK']) + + out = "[%d(%d)" % (self.index, total_tests) + if self.totalsuites is not None: + out += "/%d" % self.totalsuites + if self.start_time is not None: + out += " at " + self._format_time(self.last_time - self.start_time) + if self.suitesfailed: + out += ", %d errors" % (len(self.suitesfailed),) + out += "] %s" % name + if self.immediate: + sys.stdout.write(out + "\n") + else: + sys.stdout.write(out + ": ") + + def output_msg(self, output): + if self.verbose: + sys.stdout.write(output) + elif self.name is not None: + self.test_output[self.name] += output + else: + sys.stdout.write(output) + + def control_msg(self, output): + pass + + def end_testsuite(self, name, result, reason): + out = "" + unexpected = False + + if name not in self.test_output: + print("no output for name[%s]" % name) + + if result in ("success", "xfail"): + self.suites_ok += 1 + else: + self.output_msg("ERROR: Testsuite[%s]\n" % name) + if reason is not None: + self.output_msg("REASON: %s\n" % (reason,)) + self.suitesfailed.append(name) + if self.immediate and not self.verbose and name in self.test_output: + out += self.test_output[name] + unexpected = True + + if not self.immediate: + if not unexpected: + out += " ok\n" + else: + out += " " + result.upper() + "\n" + + sys.stdout.write(out) + + def startTest(self, test): + pass + + def addSuccess(self, test): + self.end_test(test.id(), "success", False) + + def addError(self, test, err=None): + self.end_test(test.id(), "error", True, err) + + def addFailure(self, test, err=None): + self.end_test(test.id(), "failure", True, err) + + def addSkip(self, test, reason=None): + self.end_test(test.id(), "skip", False, reason) + + def addExpectedFailure(self, test, err=None): + self.end_test(test.id(), "xfail", False, err) + + def addUnexpectedSuccess(self, test): + self.end_test(test.id(), "uxsuccess", True) + + def end_test(self, testname, result, unexpected, err=None): + if not unexpected: + self.test_output[self.name] = "" + if not self.immediate: + sys.stdout.write({ + 'failure': 'f', + 'xfail': 'X', + 'skip': 's', + 'success': '.'}.get(result, "?(%s)" % result)) + return + + if self.name not in self.test_output: + self.test_output[self.name] = "" + + self.test_output[self.name] += "UNEXPECTED(%s): %s\n" % (result, testname) + if err is not None: + self.test_output[self.name] += "REASON: %s\n" % str(err[1]).strip() + + if self.immediate and not self.verbose: + sys.stdout.write(self.test_output[self.name]) + self.test_output[self.name] = "" + + if not self.immediate: + sys.stdout.write({ + 'error': 'E', + 'failure': 'F', + 'uxsuccess': 'U', + 'success': 'S'}.get(result, "?")) + + def write_summary(self, path): + f = open(path, 'w+') + + if self.suitesfailed: + f.write("= Failed tests =\n") + + for suite in self.suitesfailed: + f.write("== %s ==\n" % suite) + if suite in self.test_output: + f.write(self.test_output[suite] + "\n\n") + + f.write("\n") + + if not self.immediate and not self.verbose: + for suite in self.suitesfailed: + print("=" * 78) + print("FAIL: %s" % suite) + if suite in self.test_output: + print(self.test_output[suite]) + print("") + + f.write("= Skipped tests =\n") + for reason in self.skips.keys(): + f.write(reason + "\n") + for name in self.skips[reason]: + f.write("\t%s\n" % name) + f.write("\n") + f.close() + + if (not self.suitesfailed and + not self.statistics['TESTS_UNEXPECTED_FAIL'] and + not self.statistics['TESTS_UNEXPECTED_OK'] and + not self.statistics['TESTS_ERROR']): + ok = (self.statistics['TESTS_EXPECTED_OK'] + + self.statistics['TESTS_EXPECTED_FAIL']) + print("\nALL OK (%d tests in %d testsuites)" % (ok, self.suites_ok)) + else: + print("\nFAILED (%d failures, %d errors and %d unexpected successes in %d testsuites)" % ( + self.statistics['TESTS_UNEXPECTED_FAIL'], + self.statistics['TESTS_ERROR'], + self.statistics['TESTS_UNEXPECTED_OK'], + len(self.suitesfailed))) + + def skip_testsuite(self, name, reason="UNKNOWN"): + self.skips.setdefault(reason, []).append(name) + if self.totalsuites: + self.totalsuites -= 1 diff --git a/selftest/tap2subunit b/selftest/tap2subunit new file mode 100755 index 0000000..e569e7f --- /dev/null +++ b/selftest/tap2subunit @@ -0,0 +1,128 @@ +#!/usr/bin/python +# +# tap2subunit: convert a tap stream to a subunit stream. +# Extract from the subunit source: +# Copyright (C) 2005 Robert Collins <robertc@robertcollins.net> +# +# Licensed under either the Apache License, Version 2.0 or the BSD 3-clause +# license at the users choice. A copy of both licenses are available in the +# project source as Apache-2.0 and BSD. You may not use this file except in +# compliance with one of these two licences. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under these licenses is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# license you chose for the specific language governing permissions and +# limitations under that license. +# + + +import re +import sys + +def TAP2SubUnit(tap, subunit): + """Filter a TAP pipe into a subunit pipe. + + :param tap: A tap pipe/stream/file object. + :param subunit: A pipe/stream/file object to write subunit results to. + :return: The exit code to exit with. + """ + BEFORE_PLAN = 0 + AFTER_PLAN = 1 + SKIP_STREAM = 2 + state = BEFORE_PLAN + plan_start = 1 + plan_stop = 0 + def _skipped_test(subunit, plan_start): + # Some tests were skipped. + subunit.write('test: test %d\n' % plan_start) + subunit.write('error: test %d [\n' % plan_start) + subunit.write('test missing from TAP output\n') + subunit.write(']\n') + return plan_start + 1 + # Test data for the next test to emit + test_name = None + log = [] + result = None + def _emit_test(): + "write out a test" + if test_name is None: + return + subunit.write("test: %s\n" % test_name) + if not log: + subunit.write("%s: %s\n" % (result, test_name)) + else: + subunit.write("%s: %s [\n" % (result, test_name)) + if log: + for line in log: + subunit.write("%s\n" % line) + subunit.write("]\n") + del log[:] + for line in tap: + if state == BEFORE_PLAN: + match = re.match("(\d+)\.\.(\d+)\s*(?:\#\s+(.*))?\n", line) + if match: + state = AFTER_PLAN + _, plan_stop, comment = match.groups() + plan_stop = int(plan_stop) + if plan_start > plan_stop and plan_stop == 0: + # skipped file + state = SKIP_STREAM + subunit.write("test: file skip\n") + subunit.write("skip: file skip [\n") + subunit.write("%s\n" % comment) + subunit.write("]\n") + continue + # not a plan line, or have seen one before + match = re.match("(ok|not ok)(?:\s+(\d+)?)?(?:\s+([^#]*[^#\s]+)\s*)?(?:\s+#\s+(TODO|SKIP|skip|todo)(?:\s+(.*))?)?\n", line) + if match: + # new test, emit current one. + _emit_test() + status, number, description, directive, directive_comment = match.groups() + if status == 'ok': + result = 'success' + else: + result = "failure" + if description is None: + description = '' + else: + description = ' ' + description + if directive is not None: + if directive.upper() == 'TODO': + result = 'xfail' + elif directive.upper() == 'SKIP': + result = 'skip' + if directive_comment is not None: + log.append(directive_comment) + if number is not None: + number = int(number) + while plan_start < number: + plan_start = _skipped_test(subunit, plan_start) + test_name = "test %d%s" % (plan_start, description) + plan_start += 1 + continue + match = re.match("Bail out\!(?:\s*(.*))?\n", line) + if match: + reason, = match.groups() + if reason is None: + extra = '' + else: + extra = ' %s' % reason + _emit_test() + test_name = "Bail out!%s" % extra + result = "error" + state = SKIP_STREAM + continue + match = re.match("\#.*\n", line) + if match: + log.append(line[:-1]) + continue + subunit.write(line) + _emit_test() + while plan_start <= plan_stop: + # record missed tests + plan_start = _skipped_test(subunit, plan_start) + return 0 + + +sys.exit(TAP2SubUnit(sys.stdin, sys.stdout)) diff --git a/selftest/target/README b/selftest/target/README new file mode 100644 index 0000000..81d7447 --- /dev/null +++ b/selftest/target/README @@ -0,0 +1,137 @@ +Selftest target environments (testenvs) +======================================= +Samba's integration testing heavily relies on the automatic creation of a Samba +network. This specialized test environment is generally referred to as a Samba +'testenv'. + +A testenv involves starting the Samba server listening on a fake network, which +is established using the socket_wrapper library from cwrap (https://cwrap.org). +All testing is also done as a non-root user using the uid_wrapper library, also +from cwrap. + +Samba's test framework uses many different types of testenv. Each testenv is +customized to test a particular Samba feature or configuration. Using cwrap +allows multiple different Samba servers to run at the same time, without +interference. + +Some of the different testenvs are described in more detail below. + +Important notes if adding a new testenv +--------------------------------------- +- When adding a new testenv, in the Perl code it is recommended to always +explicitly specify the --configfile option in the samba-tool command, i.e. add +"env->{CONFIGURATION}" to the samba-tool command. Otherwise, the samba-tool +can try to load smb.conf from the default install location (i.e. +/usr/local/samba/etc/smb.conf). Loading a host-specific smb.conf that's outside +of the testenv is obviously not ideal and something we want to avoid in a +reliable test framework. + +'local' disambiguation +---------------------- +You may notice some variation in the target testenv that test suites are run +against, for example "ad_dc" and "ad_dc:local". The main difference is the +":local" changes the smb.conf that the testenv uses. By default, the testenvs +use the st/client/client.conf config-file, so that they simulate a client +talking to the Samba server. However, some tests may want to simulate running +a command on the Samba server itself. In these cases, the ":local" is used, +which means the testenv uses the Samba server's smb.conf instead (i.e. +st/ad_dc/etc/smb.conf). + +Note that several of the testenvs also use local in their name, e.g. +'localvampiredc'. In particular, there's the 'localdc', which is the NetBIOS +name of the DC in the 'ad_dc_ntvfs' testenv. + +dns_hub +------- +dns_hub doesn't run a Samba/smbd server like the other testenvs do. It's there +to solve the problem of how to do DNS more nicely in selftest. Running +autobuild can start up a lot of different testenvs, and so we end up with +different DCs running in different domains. Each test suite only wants to talk +to a specific domain at a time. However, by default the tests all use a common +client.conf - essentially the tests are simulating a single client that's +pretending to be in several different domains. The problem is when the test +wants to resolve a DNS host, which DC should it ask? Each DC only knows about its +own realm. dns_hub.py acts as a proxy, so it works out the correct DC to forward +the query to, based on the queried host's realm. + +Vampire DC +---------- +Vampire DC gets its name for historic reasons. It's one of the few testenvs +where 2 DCs are joined together, so it's used for a lot of DRS replication +testing. Basically its main job is to 'suck' the database changes out of +another DC (the 'ad_dc_ntfvs' DC). + +There's also a 'vampire_2000_dc' that joins the 'fl2000dc' DC, although that's +not used very much. + +Backup/restore testenvs +----------------------- +Several testenvs are created to test the domain backup/restore commands. These +testenvs verify that we can backup and restore a domain's database, start +Samba against it, and the restored database is actually functional. There are +several different flavours of backups (to cover different use-cases), so there +are separate testenvs for each one. + +- backupfromdc: A fairly plain AD DC used as the base to generate the + backup-files. These backup-files will then seed the domain database + for the separate testenvs below. + Backupfromdc's other unique feature is that it's the only testenv that gets + provisioned with a non-default site, i.e. Default-First-Site-Name doesn't + exist. +- restoredc: tests the 'backup online' option. Online backups are similar to + doing a DC join. + Restoredc's other unique feature is that is has SMBv1 disabled. +- offlinebackupdc: tests the 'backup offline' option. Offline backups capture + the raw DB files on disk (safely). +- renamedc: tests the 'backup rename' option, where the domain and realm are + renamed. +- labdc: one of the use-cases for the backup tool is to create a realistic + pre-production testbed, based off a production DC. This testenv simulates + that process. It uses the 'backup rename --no-secrets' option. + +customdc testenv +---------------- +The customdc is a special testenv that's only used for manual testing, rather +than the automated tests most testenvs are primarily used for. + +The customdc testenv also uses the backup/restore tool, however, it is quite +special. Instead of the backup-file being automatically generated from a +vanilla AD DC (i.e. backupfromdc), you can specify any backup-file you like. + +To run the testenv, you need to specify a 'BACKUP_FILE' shell variable, e.g. + +BACKUP_FILE=/tmp/samba-backup-50k-dc-0-mdb-50k-offline.tar.bz2 \ + SELFTEST_TESTENV=customdc make testenv + +The main use-case for the customdc is testing changes against a large +database. Adding users is very time-consuming, so it's much quicker to populate +a domain with users once, take a backup, and then you can spin up a testenv +based on the backup multiple times. + +Another use-case is that if you get a database that's corrupted or in a bad +state, then you could save a backup and be able to easily get the database back +into the bad state. This allows you to try different commands to diagnose/fix +the issue, without fear of never seeing the problem again. + +You could even spin up a 'lab DC' inside a testenv, by taking a backup of a +real network DC. + +preforkrestartdc testenv +------------------------ +Used to test killing and restarting processes under the pre-fork model. Due to +the destructive nature of the tests, it's not recommended to use this testenv +for anything else. + +proclimitdc testenv +------------------- +Used to test process limits on the standard model. It sets the number of +allowed processes artificially low, to test that new connections are refused +correctly. Due to the limited number of connections accepted, it's not +recommended to use this testenv for anything else. + +schema_dc +---------------- +This is a 2-DC testenv setup (schema_dc and schema_pair_dc). +We provision the first DC, and join the second, using an older version of the +schema (2008R2), then start-up Samba. Then, we run a schema upgrade (i.e. +'samba-tool domain schemaupgrade') on the PDC. diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm new file mode 100644 index 0000000..2131e4a --- /dev/null +++ b/selftest/target/Samba.pm @@ -0,0 +1,1108 @@ +#!/usr/bin/perl +# Bootstrap Samba and run a number of tests against it. +# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org> +# Published under the GNU GPL, v3 or later. + +package Samba; + +use strict; +use warnings; +use target::Samba3; +use target::Samba4; +use POSIX; +use Cwd qw(abs_path); +use IO::Poll qw(POLLIN); + +sub new($$$$$) { + my ($classname, $bindir, $srcdir, $server_maxtime, + $opt_socket_wrapper_pcap, $opt_socket_wrapper_keep_pcap) = @_; + + my $self = { + opt_socket_wrapper_pcap => $opt_socket_wrapper_pcap, + opt_socket_wrapper_keep_pcap => $opt_socket_wrapper_keep_pcap, + }; + $self->{samba3} = new Samba3($self, $bindir, $srcdir, $server_maxtime); + $self->{samba4} = new Samba4($self, $bindir, $srcdir, $server_maxtime); + bless $self; + return $self; +} + +%Samba::ENV_DEPS = (%Samba3::ENV_DEPS, %Samba4::ENV_DEPS); +our %ENV_DEPS; + +%Samba::ENV_DEPS_POST = (%Samba3::ENV_DEPS_POST, %Samba4::ENV_DEPS_POST); +our %ENV_DEPS_POST; + +%Samba::ENV_TARGETS = ( + (map { $_ => "Samba3" } keys %Samba3::ENV_DEPS), + (map { $_ => "Samba4" } keys %Samba4::ENV_DEPS), +); +our %ENV_TARGETS; + +%Samba::ENV_NEEDS_AD_DC = ( + (map { $_ => 1 } keys %Samba4::ENV_DEPS) +); +our %ENV_NEEDS_AD_DC; +foreach my $env (keys %Samba3::ENV_DEPS) { + $ENV_NEEDS_AD_DC{$env} = ($env =~ /^ad_/); +} + +sub setup_pcap($$) +{ + my ($self, $name) = @_; + + return unless ($self->{opt_socket_wrapper_pcap}); + return unless defined($ENV{SOCKET_WRAPPER_PCAP_DIR}); + + my $fname = $name; + $fname =~ s%[^abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\-]%_%g; + + my $pcap_file = "$ENV{SOCKET_WRAPPER_PCAP_DIR}/$fname.pcap"; + + SocketWrapper::setup_pcap($pcap_file); + + return $pcap_file; +} + +sub cleanup_pcap($$$) +{ + my ($self, $pcap_file, $exitcode) = @_; + + return unless ($self->{opt_socket_wrapper_pcap}); + return if ($self->{opt_socket_wrapper_keep_pcap}); + return unless ($exitcode == 0); + return unless defined($pcap_file); + + unlink($pcap_file); +} + +sub setup_env($$$) +{ + my ($self, $envname, $path) = @_; + + my $targetname = $ENV_TARGETS{$envname}; + if (not defined($targetname)) { + warn("Samba can't provide environment '$envname'"); + return "UNKNOWN"; + } + + my %targetlookup = ( + "Samba3" => $self->{samba3}, + "Samba4" => $self->{samba4} + ); + my $target = $targetlookup{$targetname}; + + if (defined($target->{vars}->{$envname})) { + return $target->{vars}->{$envname}; + } + + $target->{vars}->{$envname} = ""; + + my @dep_vars; + foreach(@{$ENV_DEPS{$envname}}) { + my $vars = $self->setup_env($_, $path); + if (defined($vars)) { + push(@dep_vars, $vars); + } else { + warn("Failed setting up $_ as a dependency of $envname"); + return undef; + } + } + + $ENV{ENVNAME} = $envname; + # Avoid hitting system krb5.conf - + # An env that needs Kerberos will reset this to the real value. + $ENV{KRB5_CONFIG} = "$path/no_krb5.conf"; + $ENV{RESOLV_CONF} = "$path/no_resolv.conf"; + + my $setup_name = $ENV_TARGETS{$envname}."::setup_".$envname; + my $setup_sub = \&$setup_name; + my $setup_pcap_file = $self->setup_pcap("env-$ENV{ENVNAME}-setup"); + my $env = &$setup_sub($target, "$path/$envname", @dep_vars); + $self->cleanup_pcap($setup_pcap_file, not defined($env)); + SocketWrapper::setup_pcap(undef); + + if (not defined($env)) { + warn("failed to start up environment '$envname'"); + return undef; + } + + $target->{vars}->{$envname} = $env; + $target->{vars}->{$envname}->{target} = $target; + + foreach(@{$ENV_DEPS_POST{$envname}}) { + if (not defined $_) { + continue; + } + my $vars = $self->setup_env($_, $path); + if (not defined($vars)) { + return undef; + } + } + + return $env; +} + +sub bindir_path($$) { + my ($object, $path) = @_; + + my $valpath = "$object->{bindir}/$path"; + my $python_cmd = ""; + my $result = $path; + if (defined $ENV{'PYTHON'}) { + $python_cmd = $ENV{'PYTHON'} . " "; + } + + if (-f $valpath or -d $valpath) { + $result = $valpath; + } + # make sure we prepend samba-tool with calling $PYTHON python version + if ($path eq "samba-tool") { + $result = $python_cmd . $result; + } + return $result; +} + +sub nss_wrapper_winbind_so_path($) { + my ($object) = @_; + my $ret = $ENV{NSS_WRAPPER_WINBIND_SO_PATH}; + if (not defined($ret)) { + $ret = bindir_path($object, "plugins/libnss_wrapper_winbind.so.2"); + $ret = abs_path($ret); + } + return $ret; +} + +sub copy_file_content($$) +{ + my ($in, $out) = @_; + open(IN, "${in}") or die("failed to open in[${in}] for reading: $!"); + open(OUT, ">${out}") or die("failed to open out[${out}] for writing: $!"); + while(<IN>) { + print OUT $_; + } + close(OUT); + close(IN); +} + +sub prepare_keyblobs($) +{ + my ($ctx) = @_; + + my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com"; + my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem"; + my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem"; + my $dcdnsname = "$ctx->{hostname}.$ctx->{dnsname}"; + my $dcdir = "$cadir/DCs/$dcdnsname"; + my $dccert = "$dcdir/DC-$dcdnsname-cert.pem"; + my $dckey_private = "$dcdir/DC-$dcdnsname-private-key.pem"; + my $adminprincipalname = "administrator\@$ctx->{dnsname}"; + my $admindir = "$cadir/Users/$adminprincipalname"; + my $admincert = "$admindir/USER-$adminprincipalname-cert.pem"; + my $adminkey_private = "$admindir/USER-$adminprincipalname-private-key.pem"; + my $pkinitprincipalname = "pkinit\@$ctx->{dnsname}"; + my $ca_pkinitdir = "$cadir/Users/$pkinitprincipalname"; + my $pkinitcert = "$ca_pkinitdir/USER-$pkinitprincipalname-cert.pem"; + my $pkinitkey_private = "$ca_pkinitdir/USER-$pkinitprincipalname-private-key.pem"; + + my $tlsdir = "$ctx->{tlsdir}"; + my $pkinitdir = "$ctx->{prefix_abs}/pkinit"; + #TLS and PKINIT crypto blobs + my $dhfile = "$tlsdir/dhparms.pem"; + my $cafile = "$tlsdir/ca.pem"; + my $crlfile = "$tlsdir/crl.pem"; + my $certfile = "$tlsdir/cert.pem"; + my $keyfile = "$tlsdir/key.pem"; + my $admincertfile = "$pkinitdir/USER-$adminprincipalname-cert.pem"; + my $adminkeyfile = "$pkinitdir/USER-$adminprincipalname-private-key.pem"; + my $pkinitcertfile = "$pkinitdir/USER-$pkinitprincipalname-cert.pem"; + my $pkinitkeyfile = "$pkinitdir/USER-$pkinitprincipalname-private-key.pem"; + + mkdir($tlsdir, 0700); + mkdir($pkinitdir, 0700); + my $oldumask = umask; + umask 0077; + + # This is specified here to avoid draining entropy on every run + # generate by + # openssl dhparam -out dhparms.pem -text -2 8192 + open(DHFILE, ">$dhfile"); + print DHFILE <<EOF; +-----BEGIN DH PARAMETERS----- +MIIECAKCBAEAlcpjuJptCzC2bIIApLuyFLw2nODQUztqs/peysY9e3LgWh/xrc87 +SWJNSUrqFJFh2m357WH0XGcTdTk0b/8aIYIWjbwEhWR/5hZ+1x2TDrX1awkYayAe +pr0arycmWHaAmhw+m+dBdj2O2jRMe7gn0ha85JALNl+Z3wv2q2eys8TIiQ2dbHPx +XvpMmlAv7QHZnpSpX/XgueQr6T3EYggljppZwk1fe4W2cxBjCv9w/Q83pJXMEVVB +WESEQPZC38v6hVIXIlF4J7jXjV3+NtCLL4nvsy0jrLEntyKz5OB8sNPRzJr0Ju2Y +yXORCSMMXMygP+dxJtQ6txzQYWyaCYN1HqHDZy3cFL9Qy8kTFqIcW56Lti2GsW/p +jSMzEOa1NevhKNFL3dSZJx5m+5ZeMvWXlCqXSptmVdbs5wz5jkMUm/E6pVfM5lyb +Ttlcq2iYPqnJz1jcL5xwhoufID8zSJCPJ7C0jb0Ngy5wLIUZfjXJUXxUyxTnNR9i +N9Sc+UkDvLxnCW+qzjyPXGlQU1SsJwMLWa2ZecL/uYE4bOdcN3g+5WHkevyDnXqR ++yy9x7sGXjBT3bRWK5tVHJWOi6eBu1hp39U6aK8oOJWiUt3vmC2qEdIsT6JaLNNi +YKrSfRGBf19IJBaagen1S19bb3dnmwoU1RaWM0EeJQW1oXOBg7zLisB2yuu5azBn +tse00+0nc+GbH2y+jP0sE7xil1QeilZl+aQ3tX9vL0cnCa+8602kXxU7P5HaX2+d +05pvoHmeZbDV85io36oF976gBYeYN+qAkTUMsIZhuLQDuyn0963XOLyn1Pm6SBrU +OkIZXW7WoKEuO/YSfizUIqXwmAMJjnEMJCWG51MZZKx//9Hsdp1RXSm/bRSbvXB7 +MscjvQYWmfCFnIk8LYnEt3Yey40srEiS9xyZqdrvobxz+sU1XcqR38kpVf4gKASL +xURia64s4emuJF+YHIObyydazQ+6/wX/C+m+nyfhuxSO6j1janPwtYbU+Uj3TzeM +04K1mpPQpZcaMdZZiNiu7i8VJlOPKAz7aJT8TnMMF5GMyzyLpSMpc+NF9L/BSocV +/cUM4wQT2PTHrcyYzmTVH7c9bzBkuxqrwVB1BY1jitDV9LIYIVBglKcX88qrfHIM +XiXPAIwGclD59qm2cG8OdM9NA5pNMI119KuUAIJsUdgPbR1LkT2XTT15YVoHmFSQ +DlaWOXn4td031jr0EisX8QtFR7+/0Nfoni6ydFGs5fNH/L1ckq6FEO4OhgucJw9H +YRmiFlsQBQNny78vNchwZne3ZixkShtGW0hWDdi2n+h7St1peNJCNJjMbEhRsPRx +RmNGWh4AL8rho4RO9OBao0MnUdjbbffD+wIBAg== +-----END DH PARAMETERS----- +EOF + close(DHFILE); + + if (! -e ${dckey_private}) { + umask $oldumask; + return; + } + + copy_file_content(${cacert}, ${cafile}); + copy_file_content(${cacrl_pem}, ${crlfile}); + copy_file_content(${dccert}, ${certfile}); + copy_file_content(${dckey_private}, ${keyfile}); + if (-e ${adminkey_private}) { + copy_file_content(${admincert}, ${admincertfile}); + copy_file_content(${adminkey_private}, ${adminkeyfile}); + } + if (-e ${pkinitkey_private}) { + copy_file_content(${pkinitcert}, ${pkinitcertfile}); + copy_file_content(${pkinitkey_private}, ${pkinitkeyfile}); + } + + # COMPAT stuff to be removed in a later commit + my $kdccertfile = "$tlsdir/kdc.pem"; + copy_file_content(${dccert}, ${kdccertfile}); + + umask $oldumask; +} + +sub copy_gnupg_home($) +{ + my ($ctx) = @_; + + my $gnupg_srcdir = "$ENV{SRCDIR_ABS}/selftest/gnupg"; + my @files = ( + "gpg.conf", + "pubring.gpg", + "secring.gpg", + "trustdb.gpg", + ); + + my $oldumask = umask; + umask 0077; + mkdir($ctx->{gnupghome}, 0777); + umask 0177; + foreach my $file (@files) { + my $srcfile = "${gnupg_srcdir}/${file}"; + my $dstfile = "$ctx->{gnupghome}/${file}"; + copy_file_content(${srcfile}, ${dstfile}); + } + umask $oldumask; +} + +sub mk_krb5_conf($$) +{ + my ($ctx) = @_; + + unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) { + warn("can't open $ctx->{krb5_conf}$?"); + return undef; + } + + my $our_realms_stanza = mk_realms_stanza($ctx->{realm}, + $ctx->{dnsname}, + $ctx->{domain}, + $ctx->{kdc_ipv4}); + print KRB5CONF " +#Generated krb5.conf for $ctx->{realm} + +[libdefaults] + default_realm = $ctx->{realm} + dns_lookup_realm = false + dns_lookup_kdc = true + ticket_lifetime = 24h + forwardable = yes + + # We are running on the same machine, do not correct + # system clock differences + kdc_timesync = 0 + + fcache_strict_checking = false +"; + + if (defined($ENV{MITKRB5})) { + print KRB5CONF " + # Set the grace clocskew to 5 seconds + # This is especially required by samba3.raw.session krb5 and + # reauth tests when not using Heimdal + clockskew = 5 + "; + } + + if (defined($ctx->{krb5_ccname})) { + print KRB5CONF " + default_ccache_name = $ctx->{krb5_ccname} +"; + } + + + if (defined($ctx->{supported_enctypes})) { + print KRB5CONF " + default_etypes = $ctx->{supported_enctypes} + default_as_etypes = $ctx->{supported_enctypes} + default_tgs_enctypes = $ctx->{supported_enctypes} + default_tkt_enctypes = $ctx->{supported_enctypes} + permitted_enctypes = $ctx->{supported_enctypes} +"; + } + + if (defined($ctx->{tlsdir})) { + if (defined($ENV{MITKRB5})) { + print KRB5CONF " + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + pkinit_kdc_hostname = $ctx->{hostname}.$ctx->{dnsname} + +"; + } else { + print KRB5CONF " + +[appdefaults] + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + +[kdc] + enable-pkinit = true + pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + +"; + } + } + + print KRB5CONF " +[realms] + $our_realms_stanza +"; + + close(KRB5CONF); +} + +sub append_krb5_conf_trust_realms($$) +{ + my ($ctx) = @_; + + unless (open(KRB5CONF, ">>$ctx->{KRB5_CONFIG}")) { + warn("can't open $ctx->{KRB5_CONFIG}$?"); + return undef; + } + + my $trust_realms_stanza = mk_realms_stanza($ctx->{TRUST_REALM}, + $ctx->{TRUST_DNSNAME}, + $ctx->{TRUST_DOMAIN}, + $ctx->{TRUST_SERVER_IP}); + + print KRB5CONF " $trust_realms_stanza"; + + close(KRB5CONF) +} + +sub mk_realms_stanza($$$$) +{ + my ($realm, $dnsname, $domain, $kdc_ipv4) = @_; + my $lc_domain = lc($domain); + + # The pkinit_require_krbtgt_otherName = false + # is just because the certificates we have saved + # do not have the realm in the subjectAltName + # (specially encoded as a principal) + # per + # https://github.com/heimdal/heimdal/wiki/Setting-up-PK-INIT-and-Certificates + my $realms_stanza = " + $realm = { + kdc = $kdc_ipv4:88 + admin_server = $kdc_ipv4:88 + default_domain = $dnsname + pkinit_require_krbtgt_otherName = false + } + $dnsname = { + kdc = $kdc_ipv4:88 + admin_server = $kdc_ipv4:88 + default_domain = $dnsname + pkinit_require_krbtgt_otherName = false + } + $domain = { + kdc = $kdc_ipv4:88 + admin_server = $kdc_ipv4:88 + default_domain = $dnsname + pkinit_require_krbtgt_otherName = false + } + $lc_domain = { + kdc = $kdc_ipv4:88 + admin_server = $kdc_ipv4:88 + default_domain = $dnsname + pkinit_require_krbtgt_otherName = false + } + +"; + return $realms_stanza; +} + +sub mk_mitkdc_conf($$) +{ + # samba_kdb_dir is the path to mit_samba.so + my ($ctx, $samba_kdb_dir) = @_; + + unless (open(KDCCONF, ">$ctx->{mitkdc_conf}")) { + warn("can't open $ctx->{mitkdc_conf}$?"); + return undef; + } + + print KDCCONF " +# Generated kdc.conf for $ctx->{realm} + +[kdcdefaults] + kdc_ports = 88 + kdc_tcp_ports = 88 + restrict_anonymous_to_tgt = true + +[realms] + $ctx->{realm} = { + master_key_type = aes256-cts + default_principal_flags = +preauth + pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + pkinit_eku_checking = scLogin + pkinit_indicator = pkinit + pkinit_allow_upn = true + } + + $ctx->{dnsname} = { + master_key_type = aes256-cts + default_principal_flags = +preauth + pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + pkinit_eku_checking = scLogin + pkinit_indicator = pkinit + pkinit_allow_upn = true + } + + $ctx->{domain} = { + master_key_type = aes256-cts + default_principal_flags = +preauth + pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + pkinit_eku_checking = scLogin + pkinit_indicator = pkinit + pkinit_allow_upn = true + } + +[dbmodules] + db_module_dir = $samba_kdb_dir + + $ctx->{realm} = { + db_library = samba + } + + $ctx->{dnsname} = { + db_library = samba + } + + $ctx->{domain} = { + db_library = samba + } + +[logging] + kdc = FILE:$ctx->{logdir}/mit_kdc.log +"; + + close(KDCCONF); +} + +sub mk_resolv_conf($$) +{ + my ($ctx) = @_; + + unless (open(RESOLV_CONF, ">$ctx->{resolv_conf}")) { + warn("can't open $ctx->{resolv_conf}$?"); + return undef; + } + + print RESOLV_CONF "nameserver $ctx->{dns_ipv4}\n"; + print RESOLV_CONF "nameserver $ctx->{dns_ipv6}\n"; + close(RESOLV_CONF); +} + +sub realm_to_ip_mappings +{ + # this maps the DNS realms for the various testenvs to the corresponding + # PDC (i.e. the first DC created for that realm). + my %realm_to_pdc_mapping = ( + 'adnonssdom.samba.example.com' => 'addc_no_nss', + 'adnontlmdom.samba.example.com' => 'addc_no_ntlm', + 'samba2000.example.com' => 'dc5', + 'samba2003.example.com' => 'dc6', + 'samba2008r2.example.com' => 'dc7', + 'addom.samba.example.com' => 'addc', + 'addom2.samba.example.com' => 'addcsmb1', + 'sub.samba.example.com' => 'localsubdc', + 'chgdcpassword.samba.example.com' => 'chgdcpass', + 'backupdom.samba.example.com' => 'backupfromdc', + 'renamedom.samba.example.com' => 'renamedc', + 'labdom.samba.example.com' => 'labdc', + 'schema.samba.example.com' => 'liveupgrade1dc', + 'prockilldom.samba.example.com' => 'prockilldc', + 'proclimit.samba.example.com' => 'proclimitdc', + 'samba.example.com' => 'localdc', + 'fips.samba.example.com' => 'fipsdc', + ); + + my @mapping = (); + + # convert the hashmap to a list of key=value strings, where key is the + # realm and value is the IP address + foreach my $realm (sort(keys %realm_to_pdc_mapping)) { + my $pdc = $realm_to_pdc_mapping{$realm}; + my $ipaddr = get_ipv4_addr($pdc); + push(@mapping, "$realm=$ipaddr"); + } + # return the mapping as a single comma-separated string + return join(',', @mapping); +} + +sub get_interface($) +{ + my ($netbiosname) = @_; + $netbiosname = lc($netbiosname); + + # this maps the SOCKET_WRAPPER_DEFAULT_IFACE value for each possible + # testenv to the DC's NETBIOS name. This value also corresponds to last + # digit of the DC's IP address. Note that the NETBIOS name may differ from + # the testenv name. + # Note that when adding a DC with a new realm, also update + # get_realm_ip_mappings() above. + my %testenv_iface_mapping = ( + localnt4dc2 => 3, + localnt4member3 => 4, + localshare4 => 5, + # 6 is spare + localktest6 => 7, + maptoguest => 8, + localnt4dc9 => 9, + # 10 is spare + + # 11-16 are used by selftest.pl for the client.conf. Most tests only + # use the first .11 IP. However, some tests (like winsreplication) rely + # on the client having multiple IPs. + client => 11, + + addc_no_nss => 17, + addc_no_ntlm => 18, + idmapadmember => 19, + idmapridmember => 20, + localdc => 21, + localvampiredc => 22, + s4member => 23, + localrpcproxy => 24, + dc5 => 25, + dc6 => 26, + dc7 => 27, + rodc => 28, + localadmember => 29, + addc => 30, + localsubdc => 31, + chgdcpass => 32, + promotedvdc => 33, + rfc2307member => 34, + fileserver => 35, + fakednsforwarder1 => 36, + fakednsforwarder2 => 37, + s4member_dflt => 38, + vampire2000dc => 39, + backupfromdc => 40, + restoredc => 41, + renamedc => 42, + labdc => 43, + offlinebackupdc => 44, + customdc => 45, + prockilldc => 46, + proclimitdc => 47, + liveupgrade1dc => 48, + liveupgrade2dc => 49, + ctdb0 => 50, + ctdb1 => 51, + ctdb2 => 52, + fileserversmb1 => 53, + addcsmb1 => 54, + lclnt4dc2smb1 => 55, + fipsdc => 56, + fipsadmember => 57, + offlineadmem => 58, + s2kmember => 59, + admemidmapnss => 60, + localadmember2 => 61, + admemautorid => 62, + + rootdnsforwarder => 64, + + # Note: that you also need to update dns_hub.py when adding a new + # multi-DC testenv + # update lib/socket_wrapper/socket_wrapper.c + # #define MAX_WRAPPED_INTERFACES 64 + # if you wish to have more than 64 interfaces + ); + + if (not defined($testenv_iface_mapping{$netbiosname})) { + die(); + } + + return $testenv_iface_mapping{$netbiosname}; +} + +sub get_ipv4_addr +{ + my ($hostname, $iface_num) = @_; + my $swiface = Samba::get_interface($hostname); + + # Handle testenvs with multiple different addresses, i.e. IP multihoming. + # Currently only the selftest client has multiple IPv4 addresses. + if (defined($iface_num)) { + $swiface += $iface_num; + } + + return "10.53.57.$swiface"; +} + +sub get_ipv6_addr +{ + (my $hostname) = @_; + my $swiface = Samba::get_interface($hostname); + + return sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface); +} + +# returns the 'interfaces' setting for smb.conf, i.e. the IPv4/IPv6 +# addresses for testenv +sub get_interfaces_config +{ + my ($hostname, $num_ips) = @_; + my $interfaces = ""; + + # We give the client.conf multiple different IPv4 addresses. + # All other testenvs generally just have one IPv4 address. + if (! defined($num_ips)) { + $num_ips = 1; + } + for (my $i = 0; $i < $num_ips; $i++) { + my $ipv4_addr = Samba::get_ipv4_addr($hostname, $i); + if (use_namespaces()) { + # use a /24 subnet with network namespaces + $interfaces .= "$ipv4_addr/24 "; + } else { + $interfaces .= "$ipv4_addr/8 "; + } + } + + my $ipv6_addr = Samba::get_ipv6_addr($hostname); + $interfaces .= "$ipv6_addr/64"; + + return $interfaces; +} + +sub cleanup_child($$) +{ + my ($pid, $name) = @_; + + if (!defined($pid)) { + print STDERR "cleanup_child: pid not defined ... not calling waitpid\n"; + return -1; + } + + my $childpid = waitpid($pid, WNOHANG); + + if ($childpid == 0) { + } elsif ($childpid < 0) { + printf STDERR "%s child process %d isn't here any more\n", $name, $pid; + return $childpid; + } elsif ($? & 127) { + printf STDERR "%s child process %d, died with signal %d, %s coredump\n", + $name, $childpid, ($? & 127), ($? & 128) ? 'with' : 'without'; + } else { + printf STDERR "%s child process %d exited with value %d\n", $name, $childpid, $? >> 8; + } + return $childpid; +} + +sub random_domain_sid() +{ + my $domain_sid = "S-1-5-21-". int(rand(4294967295)) . "-" . int(rand(4294967295)) . "-" . int(rand(4294967295)); + return $domain_sid; +} + +# sets the environment variables ready for running a given process +sub set_env_for_process +{ + my ($proc_name, $env_vars, $proc_envs) = @_; + + if (not defined($proc_envs)) { + $proc_envs = get_env_for_process($proc_name, $env_vars); + } + + foreach my $key (keys %{ $proc_envs }) { + $ENV{$key} = $proc_envs->{$key}; + } +} + +sub get_env_for_process +{ + my ($proc_name, $env_vars) = @_; + my $proc_envs = { + RESOLV_CONF => $env_vars->{RESOLV_CONF}, + KRB5_CONFIG => $env_vars->{KRB5_CONFIG}, + KRB5CCNAME => "$env_vars->{KRB5_CCACHE}.$proc_name", + GNUPGHOME => $env_vars->{GNUPGHOME}, + SELFTEST_WINBINDD_SOCKET_DIR => $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR}, + NMBD_SOCKET_DIR => $env_vars->{NMBD_SOCKET_DIR}, + NSS_WRAPPER_PASSWD => $env_vars->{NSS_WRAPPER_PASSWD}, + NSS_WRAPPER_GROUP => $env_vars->{NSS_WRAPPER_GROUP}, + NSS_WRAPPER_HOSTS => $env_vars->{NSS_WRAPPER_HOSTS}, + NSS_WRAPPER_HOSTNAME => $env_vars->{NSS_WRAPPER_HOSTNAME}, + NSS_WRAPPER_MODULE_SO_PATH => $env_vars->{NSS_WRAPPER_MODULE_SO_PATH}, + NSS_WRAPPER_MODULE_FN_PREFIX => $env_vars->{NSS_WRAPPER_MODULE_FN_PREFIX}, + UID_WRAPPER_ROOT => "1", + ENVNAME => "$ENV{ENVNAME}.$proc_name", + }; + + if (defined($env_vars->{RESOLV_WRAPPER_CONF})) { + $proc_envs->{RESOLV_WRAPPER_CONF} = $env_vars->{RESOLV_WRAPPER_CONF}; + } else { + $proc_envs->{RESOLV_WRAPPER_HOSTS} = $env_vars->{RESOLV_WRAPPER_HOSTS}; + } + if (defined($env_vars->{GNUTLS_FORCE_FIPS_MODE})) { + $proc_envs->{GNUTLS_FORCE_FIPS_MODE} = $env_vars->{GNUTLS_FORCE_FIPS_MODE}; + } + if (defined($env_vars->{OPENSSL_FORCE_FIPS_MODE})) { + $proc_envs->{OPENSSL_FORCE_FIPS_MODE} = $env_vars->{OPENSSL_FORCE_FIPS_MODE}; + } + return $proc_envs; +} + +sub fork_and_exec +{ + my ($self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup) = @_; + my $SambaCtx = $self; + $SambaCtx = $self->{SambaCtx} if defined($self->{SambaCtx}); + + # we close the child's write-end of the pipe and redirect the + # read-end to its stdin. That way the daemon will receive an + # EOF on stdin when parent selftest process closes its + # write-end. + $child_cleanup //= sub { close($env_vars->{STDIN_PIPE}) }; + + unlink($daemon_ctx->{LOG_FILE}); + print "STARTING $daemon_ctx->{NAME} for $ENV{ENVNAME}..."; + + my $parent_pid = $$; + my $pid = fork(); + + # exec the daemon in the child process + if ($pid == 0) { + my @preargs = (); + + # redirect the daemon's stdout/stderr to a log file + if (defined($daemon_ctx->{TEE_STDOUT})) { + # in some cases, we want out from samba to go to the log file, + # but also to the users terminal when running 'make test' on the + # command line. This puts it on stderr on the terminal + open STDOUT, "| tee $daemon_ctx->{LOG_FILE} 1>&2"; + } else { + open STDOUT, ">$daemon_ctx->{LOG_FILE}"; + } + open STDERR, '>&STDOUT'; + + SocketWrapper::set_default_iface($env_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}); + if (defined($daemon_ctx->{PCAP_FILE})) { + $SambaCtx->setup_pcap("$daemon_ctx->{PCAP_FILE}"); + } + + # setup ENV variables in the child process + set_env_for_process($daemon_ctx->{NAME}, $env_vars, + $daemon_ctx->{ENV_VARS}); + + $child_cleanup->(); + + # not all s3 daemons run in all testenvs (e.g. fileserver doesn't + # run winbindd). In which case, the child process just sleeps + if (defined($daemon_ctx->{SKIP_DAEMON})) { + $SIG{USR1} = $SIG{ALRM} = $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { + my $signame = shift; + print("Skip $daemon_ctx->{NAME} received signal $signame"); + exit 0; + }; + my $poll = IO::Poll->new(); + $poll->mask($STDIN_READER, POLLIN); + $poll->poll($self->{server_maxtime}); + exit 0; + } + + $ENV{MAKE_TEST_BINARY} = $daemon_ctx->{BINARY_PATH}; + + open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; + + # if using kernel namespaces, prepend the command so the process runs in + # its own namespace + if (Samba::use_namespaces()) { + @preargs = ns_exec_preargs($parent_pid, $env_vars); + } + + # the command args are stored as an array reference (because...Perl), + # so convert the reference back to an array + my @full_cmd = @{ $daemon_ctx->{FULL_CMD} }; + + exec(@preargs, @full_cmd) or die("Unable to start $ENV{MAKE_TEST_BINARY}: $!"); + } + + print "DONE ($pid)\n"; + + # if using kernel namespaces, we now establish a connection between the + # main selftest namespace (i.e. this process) and the new child namespace + if (use_namespaces()) { + ns_child_forked($pid, $env_vars); + } + + return $pid; +} + +my @exported_envvars = ( + # domain stuff + "DOMAIN", + "DNSNAME", + "REALM", + "DOMSID", + + # stuff related to a trusted domain + "TRUST_SERVER", + "TRUST_USERNAME", + "TRUST_PASSWORD", + "TRUST_DOMAIN", + "TRUST_REALM", + "TRUST_DOMSID", + + # stuff related to a trusted domain, on a trust_member + # the domain behind a forest trust (two-way) + "TRUST_F_BOTH_SERVER", + "TRUST_F_BOTH_SERVER_IP", + "TRUST_F_BOTH_SERVER_IPV6", + "TRUST_F_BOTH_NETBIOSNAME", + "TRUST_F_BOTH_USERNAME", + "TRUST_F_BOTH_PASSWORD", + "TRUST_F_BOTH_DOMAIN", + "TRUST_F_BOTH_REALM", + + # stuff related to a trusted domain, on a trust_member + # the domain behind an external trust (two-way) + "TRUST_E_BOTH_SERVER", + "TRUST_E_BOTH_SERVER_IP", + "TRUST_E_BOTH_SERVER_IPV6", + "TRUST_E_BOTH_NETBIOSNAME", + "TRUST_E_BOTH_USERNAME", + "TRUST_E_BOTH_PASSWORD", + "TRUST_E_BOTH_DOMAIN", + "TRUST_E_BOTH_REALM", + + # domain controller stuff + "DC_SERVER", + "DC_SERVER_IP", + "DC_SERVER_IPV6", + "DC_NETBIOSNAME", + "DC_NETBIOSALIAS", + + # server stuff + "SERVER", + "SERVER_IP", + "SERVER_IPV6", + "NETBIOSNAME", + "NETBIOSALIAS", + "SAMSID", + + # only use these 2 as a last resort. Some tests need to test both client- + # side and server-side. In this case, run as default client, ans access + # server's smb.conf as needed, typically using: + # param.LoadParm(filename_for_non_global_lp=os.environ['SERVERCONFFILE']) + "SERVERCONFFILE", + "DC_SERVERCONFFILE", + + # user stuff + "USERNAME", + "USERID", + "PASSWORD", + "DC_USERNAME", + "DC_PASSWORD", + + # UID/GID for rfc2307 mapping tests + "UID_RFC2307TEST", + "GID_RFC2307TEST", + + # misc stuff + "KRB5_CONFIG", + "KRB5CCNAME", + "GNUPGHOME", + "SELFTEST_WINBINDD_SOCKET_DIR", + "NMBD_SOCKET_DIR", + "LOCAL_PATH", + "DNS_FORWARDER1", + "DNS_FORWARDER2", + "RESOLV_CONF", + "UNACCEPTABLE_PASSWORD", + "LOCK_DIR", + "SMBD_TEST_LOG", + + # nss_wrapper + "NSS_WRAPPER_PASSWD", + "NSS_WRAPPER_GROUP", + "NSS_WRAPPER_HOSTS", + "NSS_WRAPPER_HOSTNAME", + "NSS_WRAPPER_MODULE_SO_PATH", + "NSS_WRAPPER_MODULE_FN_PREFIX", + + # resolv_wrapper + "RESOLV_WRAPPER_CONF", + "RESOLV_WRAPPER_HOSTS", +); + +sub exported_envvars_str +{ + my ($testenv_vars) = @_; + my $out = ""; + + foreach (@exported_envvars) { + next unless defined($testenv_vars->{$_}); + $out .= $_."=".$testenv_vars->{$_}."\n"; + } + + return $out; +} + +sub clear_exported_envvars +{ + foreach (@exported_envvars) { + delete $ENV{$_}; + } +} + +sub export_envvars +{ + my ($testenv_vars) = @_; + + foreach (@exported_envvars) { + if (defined($testenv_vars->{$_})) { + $ENV{$_} = $testenv_vars->{$_}; + } else { + delete $ENV{$_}; + } + } +} + +sub export_envvars_to_file +{ + my ($filepath, $testenv_vars) = @_; + my $env_str = exported_envvars_str($testenv_vars); + + open(FILE, "> $filepath"); + print FILE "$env_str"; + close(FILE); +} + +# Returns true if kernel namespaces are being used instead of socket-wrapper. +# The default is false. +sub use_namespaces +{ + return defined($ENV{USE_NAMESPACES}); +} + +# returns a given testenv's interface-name (only when USE_NAMESPACES=1) +sub ns_interface_name +{ + my ($hostname) = @_; + + # when using namespaces, each testenv has its own vethX interface, + # where X = Samba::get_interface(testenv_name) + my $iface = get_interface($hostname); + return "veth$iface"; +} + +# Called after a new child namespace has been forked +sub ns_child_forked +{ + my ($child_pid, $env_vars) = @_; + + # we only need to do this for the first child forked for this testenv + if (defined($env_vars->{NS_PID})) { + return; + } + + # store the child PID. It's the only way the main (selftest) namespace can + # access the new child (testenv) namespace. + $env_vars->{NS_PID} = $child_pid; + + # Add the new child namespace's interface to the main selftest bridge. + # This connects together the various testenvs so that selftest can talk to + # them all + my $iface = ns_interface_name($env_vars->{NETBIOSNAME}); + system "$ENV{SRCDIR}/selftest/ns/add_bridge_iface.sh $iface-br selftest0"; +} + +# returns args to prepend to a command in order to execute it the correct +# namespace for the testenv (creating a new namespace if needed). +# This should only used when USE_NAMESPACES=1 is set. +sub ns_exec_preargs +{ + my ($parent_pid, $env_vars) = @_; + + # NS_PID stores the pid of the first child daemon run in this namespace + if (defined($env_vars->{NS_PID})) { + + # the namespace has already been created previously. So we use nsenter + # to execute the command in the given testenv's namespace. We need to + # use the NS_PID to identify this particular namespace + return ("nsenter", "-t", "$env_vars->{NS_PID}", "--net"); + } else { + + # We need to create a new namespace for this daemon (i.e. we're + # setting up a new testenv). First, write the environment variables to + # an exports.sh file for this testenv (for convenient access by the + # namespace scripts). + my $exports_file = "$env_vars->{TESTENV_DIR}/exports.sh"; + export_envvars_to_file($exports_file, $env_vars); + + # when using namespaces, each testenv has its own veth interface + my $interface = ns_interface_name($env_vars->{NETBIOSNAME}); + + # we use unshare to create a new network namespace. The start_in_ns.sh + # helper script gets run first to setup the new namespace's interfaces. + # (This all gets prepended around the actual command to run in the new + # namespace) + return ("unshare", "--net", "$ENV{SRCDIR}/selftest/ns/start_in_ns.sh", + $interface, $exports_file, $parent_pid); + } +} + + +sub check_env { + my ($self, $envvars) = @_; + return 1; +} + +sub teardown_env { + my ($self, $env) = @_; + return 1; +} + + +sub getlog_env { + return ''; +} + +1; diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm new file mode 100755 index 0000000..8f680b7 --- /dev/null +++ b/selftest/target/Samba3.pm @@ -0,0 +1,4182 @@ +#!/usr/bin/perl +# Bootstrap Samba and run a number of tests against it. +# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org> +# Published under the GNU GPL, v3 or later. + +# NOTE: Refer to the README for more details about the various testenvs, +# and tips about adding new testenvs. + +package Samba3; + +use strict; +use warnings; +use Cwd qw(abs_path); +use FindBin qw($RealBin); +use POSIX; +use target::Samba; +use File::Path 'remove_tree'; + +sub return_alias_env +{ + my ($self, $path, $env) = @_; + + # just an alias + return $env; +} + +sub have_ads($) { + my ($self) = @_; + my $found_ads = 0; + my $smbd_build_options = Samba::bindir_path($self, "smbd") . " --configfile=/dev/null -b|"; + open(IN, $smbd_build_options) or die("Unable to run $smbd_build_options: $!"); + + while (<IN>) { + if (/WITH_ADS/) { + $found_ads = 1; + } + } + close IN; + + # If we were not built with ADS support, pretend we were never even available + print "smbd does not have ADS support\n" unless $found_ads; + return $found_ads; +} + +# return smb.conf parameters applicable to @path, based on the underlying +# filesystem type +sub get_fs_specific_conf($$) +{ + my ($self, $path) = @_; + my $mods = ""; + my $stat_out = `stat --file-system $path` or return ""; + + if ($stat_out =~ m/Type:\s+btrfs/) { + $mods .= "streams_xattr btrfs"; + } + + if ($mods) { + return "vfs objects = $mods"; + } + + return ''; +} + +sub new($$) { + my ($classname, $SambaCtx, $bindir, $srcdir, $server_maxtime) = @_; + my $self = { vars => {}, + SambaCtx => $SambaCtx, + bindir => $bindir, + srcdir => $srcdir, + server_maxtime => $server_maxtime + }; + bless $self; + return $self; +} + +sub teardown_env($$) +{ + my ($self, $envvars) = @_; + + if (defined($envvars->{CTDB_PREFIX})) { + $self->teardown_env_ctdb($envvars); + } else { + $self->teardown_env_samba($envvars); + } + + return; +} + +sub teardown_env_samba($$) +{ + my ($self, $envvars) = @_; + my $count = 0; + + # This should cause smbd to terminate gracefully + close($envvars->{STDIN_PIPE}); + + my $smbdpid = $envvars->{SMBD_TL_PID}; + my $nmbdpid = $envvars->{NMBD_TL_PID}; + my $winbinddpid = $envvars->{WINBINDD_TL_PID}; + my $samba_dcerpcdpid = $envvars->{SAMBA_DCERPCD_TL_PID}; + + # This should give it time to write out the gcov data + until ($count > 20) { + my $smbdchild = Samba::cleanup_child($smbdpid, "smbd"); + my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd"); + my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd"); + my $samba_dcerpcdchild = Samba::cleanup_child( + $samba_dcerpcdpid, "samba-dcerpcd"); + if ($smbdchild == -1 + && $nmbdchild == -1 + && $winbinddchild == -1 + && $samba_dcerpcdpid == -1) { + last; + } + sleep(1); + $count++; + } + + if ($count <= 20 && + kill(0, $smbdpid, $nmbdpid, $winbinddpid, $samba_dcerpcdpid) == 0) { + return; + } + + $self->stop_sig_term($smbdpid); + $self->stop_sig_term($nmbdpid); + $self->stop_sig_term($winbinddpid); + $self->stop_sig_term($samba_dcerpcdpid); + + $count = 0; + until ($count > 10) { + my $smbdchild = Samba::cleanup_child($smbdpid, "smbd"); + my $nmbdchild = Samba::cleanup_child($nmbdpid, "nmbd"); + my $winbinddchild = Samba::cleanup_child($winbinddpid, "winbindd"); + my $samba_dcerpcdpid = Samba::cleanup_child( + $samba_dcerpcdpid, "samba-dcerpcd"); + if ($smbdchild == -1 + && $nmbdchild == -1 + && $winbinddchild == -1 + && $samba_dcerpcdpid == -1) { + last; + } + sleep(1); + $count++; + } + + if ($count <= 10 && + kill(0, $smbdpid, $nmbdpid, $winbinddpid, $samba_dcerpcdpid) == 0) { + return; + } + + warn("timelimit process did not quit on SIGTERM, sending SIGKILL"); + $self->stop_sig_kill($smbdpid); + $self->stop_sig_kill($nmbdpid); + $self->stop_sig_kill($winbinddpid); + $self->stop_sig_kill($samba_dcerpcdpid); + + return 0; +} + +sub teardown_env_ctdb($$) +{ + my ($self, $data) = @_; + + if (defined($data->{SAMBA_NODES})) { + my $num_nodes = $data->{NUM_NODES}; + my $nodes = $data->{SAMBA_NODES}; + + for (my $i = 0; $i < $num_nodes; $i++) { + if (defined($nodes->[$i])) { + $self->teardown_env_samba($nodes->[$i]); + } + } + } + + close($data->{CTDB_STDIN_PIPE}); + + if (not defined($data->{SAMBA_NODES})) { + # Give waiting children time to exit + sleep(5); + } + + return 0; +} + +sub getlog_env_app($$$) +{ + my ($self, $envvars, $name) = @_; + + my $title = "$name LOG of: $envvars->{NETBIOSNAME}\n"; + my $out = $title; + + open(LOG, "<".$envvars->{$name."_TEST_LOG"}); + + seek(LOG, $envvars->{$name."_TEST_LOG_POS"}, SEEK_SET); + while (<LOG>) { + $out .= $_; + } + $envvars->{$name."_TEST_LOG_POS"} = tell(LOG); + close(LOG); + + return "" if $out eq $title; + + return $out; +} + +sub getlog_env($$) +{ + my ($self, $envvars) = @_; + my $ret = ""; + + $ret .= $self->getlog_env_app($envvars, "SMBD"); + $ret .= $self->getlog_env_app($envvars, "NMBD"); + $ret .= $self->getlog_env_app($envvars, "WINBINDD"); + + return $ret; +} + +sub check_env($$) +{ + my ($self, $envvars) = @_; + + my $childpid = waitpid(-1, WNOHANG); + + # TODO ... + return 1; +} + +# Declare the environments Samba3 makes available. +# To be set up, they will be called as +# samba3->setup_$envname($self, $path, $dep_1_vars, $dep_2_vars, ...) +%Samba3::ENV_DEPS = ( + # name => [dep_1, dep_2, ...], + nt4_dc => [], + nt4_dc_smb1 => [], + nt4_dc_smb1_done => ["nt4_dc_smb1"], + nt4_dc_schannel => [], + + simpleserver => [], + fileserver => [], + fileserver_smb1 => [], + fileserver_smb1_done => ["fileserver_smb1"], + maptoguest => [], + ktest => [], + + nt4_member => ["nt4_dc"], + + ad_member => ["ad_dc", "fl2008r2dc", "fl2003dc"], + ad_member_rfc2307 => ["ad_dc_ntvfs"], + ad_member_idmap_rid => ["ad_dc"], + admem_idmap_autorid => ["ad_dc"], + ad_member_idmap_ad => ["fl2008r2dc"], + ad_member_fips => ["ad_dc_fips"], + ad_member_offlogon => ["ad_dc"], + ad_member_oneway => ["fl2000dc"], + ad_member_idmap_nss => ["ad_dc"], + ad_member_s3_join => ["ad_dc"], + + clusteredmember => ["nt4_dc"], +); + +%Samba3::ENV_DEPS_POST = (); + +sub setup_nt4_dc +{ + my ($self, $path, $more_conf, $server) = @_; + + print "PROVISIONING NT4 DC..."; + + my $nt4_dc_options = " + domain master = yes + domain logons = yes + lanman auth = yes + ntlm auth = yes + raw NTLMv2 auth = yes + rpc start on demand helpers = false + + CVE_2020_1472:warn_about_unused_debug_level = 3 + server require schannel:schannel0\$ = no + server require schannel:schannel1\$ = no + server require schannel:schannel2\$ = no + server require schannel:schannel3\$ = no + server require schannel:schannel4\$ = no + server require schannel:schannel5\$ = no + server require schannel:schannel6\$ = no + server require schannel:schannel7\$ = no + server require schannel:schannel8\$ = no + server require schannel:schannel9\$ = no + server require schannel:schannel10\$ = no + server require schannel:schannel11\$ = no + server require schannel:torturetest\$ = no + + server schannel require seal:schannel0\$ = no + server schannel require seal:schannel1\$ = no + server schannel require seal:schannel2\$ = no + server schannel require seal:schannel3\$ = no + server schannel require seal:schannel4\$ = no + server schannel require seal:schannel5\$ = no + server schannel require seal:schannel6\$ = no + server schannel require seal:schannel7\$ = no + server schannel require seal:schannel8\$ = no + server schannel require seal:schannel9\$ = no + server schannel require seal:schannel10\$ = no + server schannel require seal:schannel11\$ = no + server schannel require seal:torturetest\$ = no + + vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no + + fss: sequence timeout = 1 + check parent directory delete on close = yes +"; + + if (defined($more_conf)) { + $nt4_dc_options = $nt4_dc_options . $more_conf; + } + if (!defined($server)) { + $server = "LOCALNT4DC2"; + } + my $vars = $self->provision( + prefix => $path, + domain => "SAMBA-TEST", + server => $server, + password => "localntdc2pass", + extra_options => $nt4_dc_options); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + samba_dcerpcd => "yes", + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $vars->{DOMSID} = $vars->{SAMSID}; + $vars->{DC_SERVER} = $vars->{SERVER}; + $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; + $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; + $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; + $vars->{DC_USERNAME} = $vars->{USERNAME}; + $vars->{DC_PASSWORD} = $vars->{PASSWORD}; + + return $vars; +} + +sub setup_nt4_dc_smb1 +{ + my ($self, $path) = @_; + my $conf = " +[global] + client min protocol = CORE + server min protocol = LANMAN1 +"; + return $self->setup_nt4_dc($path, $conf, "LCLNT4DC2SMB1"); +} + +sub setup_nt4_dc_smb1_done +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env); +} + +sub setup_nt4_dc_schannel +{ + my ($self, $path) = @_; + + print "PROVISIONING NT4 DC WITH SERVER SCHANNEL ..."; + + my $pdc_options = " + domain master = yes + domain logons = yes + lanman auth = yes + + server schannel = yes + # used to reproduce bug #12772 + server max protocol = SMB2_02 +"; + + my $vars = $self->provision( + prefix => $path, + domain => "NT4SCHANNEL", + server => "LOCALNT4DC9", + password => "localntdc9pass", + extra_options => $pdc_options); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $vars->{DOMSID} = $vars->{SAMSID}; + $vars->{DC_SERVER} = $vars->{SERVER}; + $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; + $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; + $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; + $vars->{DC_USERNAME} = $vars->{USERNAME}; + $vars->{DC_PASSWORD} = $vars->{PASSWORD}; + + return $vars; +} + +sub setup_nt4_member +{ + my ($self, $prefix, $nt4_dc_vars) = @_; + my $count = 0; + my $rc; + + print "PROVISIONING MEMBER..."; + + my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes"; + if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") { + $require_mutexes = ""; + } + + my $member_options = " + security = domain + dbwrap_tdb_mutexes:* = yes + ${require_mutexes} +"; + my $ret = $self->provision( + prefix => $prefix, + domain => $nt4_dc_vars->{DOMAIN}, + server => "LOCALNT4MEMBER3", + password => "localnt4member3pass", + extra_options => $member_options); + + $ret or return undef; + + my $nmblookup = Samba::bindir_path($self, "nmblookup"); + do { + print "Waiting for the LOGON SERVER registration ...\n"; + $rc = system("$nmblookup $ret->{CONFIGURATION} $ret->{DOMAIN}\#1c"); + if ($rc != 0) { + sleep(1); + } + $count++; + } while ($rc != 0 && $count < 10); + if ($count == 10) { + print "NMBD not reachable after 10 retries\n"; + teardown_env($self, $ret); + return 0; + } + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net rpc join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member"; + $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # Add hosts file for name lookups + $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net $ret->{CONFIGURATION} primarytrust dumpinfo | grep -q 'REDACTED SECRET VALUES'"; + + if (system($cmd) != 0) { + warn("check failed\n$cmd"); + return undef; + } + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DOMSID} = $nt4_dc_vars->{DOMSID}; + $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER}; + $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME}; + $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD}; + + return $ret; +} + +sub setup_clusteredmember +{ + my ($self, $prefix, $nt4_dc_vars) = @_; + my $count = 0; + my $rc; + my @retvals = (); + my $ret; + + print "PROVISIONING CLUSTEREDMEMBER...\n"; + + my $prefix_abs = abs_path($prefix); + mkdir($prefix_abs, 0777); + + my $server_name = "CLUSTEREDMEMBER"; + + my $ctdb_data = $self->setup_ctdb($prefix); + + if (not $ctdb_data) { + print "No ctdb data\n"; + return undef; + } + + print "PROVISIONING CLUSTERED SAMBA...\n"; + + my $num_nodes = $ctdb_data->{NUM_NODES}; + my $nodes = $ctdb_data->{CTDB_NODES}; + + # Enable cleanup of earlier nodes if a later node fails + $ctdb_data->{SAMBA_NODES} = \@retvals; + + for (my $i = 0; $i < $num_nodes; $i++) { + my $node = $nodes->[$i]; + my $socket = $node->{SOCKET_FILE}; + my $server_name = $node->{SERVER_NAME}; + my $pub_iface = $node->{SOCKET_WRAPPER_DEFAULT_IFACE}; + my $node_prefix = $node->{NODE_PREFIX}; + + print "NODE_PREFIX=${node_prefix}\n"; + print "SOCKET=${socket}\n"; + + my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes"; + if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") { + $require_mutexes = "" ; + } + + my $member_options = " + security = domain + server signing = on + clustering = yes + ctdbd socket = ${socket} + include = registry + dbwrap_tdb_mutexes:* = yes + ${require_mutexes} +"; + + my $node_ret = $self->provision( + prefix => "$node_prefix", + domain => $nt4_dc_vars->{DOMAIN}, + server => "$server_name", + password => "clustermember8pass", + netbios_name => "CLUSTEREDMEMBER", + share_dir => "${prefix_abs}/shared", + extra_options => $member_options, + no_delete_prefix => 1); + if (not $node_ret) { + print "Provision node $i failed\n"; + teardown_env($self, $ctdb_data); + return undef; + } + + my $registry_share_template = "$node_ret->{SERVERCONFFILE}.registry_share_template"; + unless (open(REGISTRYCONF, ">$registry_share_template")) { + warn("Unable to open $registry_share_template"); + teardown_env($self, $node_ret); + teardown_env($self, $ctdb_data); + return undef; + } + + print REGISTRYCONF " +[registry_share] + copy = tmp + comment = smb username is [%U] +"; + + close(REGISTRYCONF); + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + + $cmd .= "UID_WRAPPER_ROOT=1 "; + $cmd .= "$net conf import $node_ret->{CONFIGURATION} ${registry_share_template}"; + + my $net_ret = system($cmd); + if ($net_ret != 0) { + warn("net conf import failed: $net_ret\n$cmd"); + teardown_env($self, $node_ret); + teardown_env($self, $ctdb_data); + return undef; + } + + my $nmblookup = Samba::bindir_path($self, "nmblookup"); + do { + print "Waiting for the LOGON SERVER registration ...\n"; + $rc = system("$nmblookup $node_ret->{CONFIGURATION} " . + "$node_ret->{DOMAIN}\#1c"); + if ($rc != 0) { + sleep(1); + } + $count++; + } while ($rc != 0 && $count < 10); + + if ($count == 10) { + print "NMBD not reachable after 10 retries\n"; + teardown_env($self, $node_ret); + teardown_env($self, $ctdb_data); + return undef; + } + + push(@retvals, $node_ret); + } + + $ret = {%$ctdb_data, %{$retvals[0]}}; + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + $cmd .= "UID_WRAPPER_ROOT=1 "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION} $nt4_dc_vars->{DOMAIN} member"; + $cmd .= " -U$nt4_dc_vars->{USERNAME}\%$nt4_dc_vars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + teardown_env($self, $ret); + return undef; + } + + for (my $i=0; $i<@retvals; $i++) { + my $node_provision = $retvals[$i]; + my $ok; + $ok = $self->check_or_start( + env_vars => $node_provision, + winbindd => "yes", + smbd => "yes", + child_cleanup => sub { + map { + my $fh = $_->{STDIN_PIPE}; + close($fh) if defined($fh); + } @retvals }); + if (not $ok) { + teardown_env($self, $ret); + return undef; + } + } + + # + # Build a unclist for every share + # + unless (open(NODES, "<$ret->{CTDB_NODES_FILE}")) { + warn("Unable to open CTDB nodes file"); + teardown_env($self, $ret); + return undef; + } + my @nodes = <NODES>; + close(NODES); + chomp @nodes; + + my $conffile = $ret->{SERVERCONFFILE}; + $cmd = ""; + $cmd .= 'sed -n -e \'s|^\[\(.*\)\]$|\1|p\''; + $cmd .= " \"$conffile\""; + $cmd .= " | grep -vx 'global'"; + + my @shares = `$cmd`; + $rc = $?; + if ($rc != 0) { + warn("Listing shares failed\n$cmd"); + teardown_env($self, $ret); + return undef; + } + chomp @shares; + + my $unclistdir = "${prefix_abs}/unclists"; + mkdir($unclistdir, 0777); + foreach my $share (@shares) { + my $l = "${unclistdir}/${share}.txt"; + unless (open(UNCLIST, ">${l}")) { + warn("Unable to open UNC list ${l}"); + teardown_env($self, $ret); + return undef; + } + foreach my $node (@nodes) { + print UNCLIST "//${node}/${share}\n"; + } + close(UNCLIST); + } + + $ret->{DOMSID} = $nt4_dc_vars->{DOMSID}; + $ret->{DC_SERVER} = $nt4_dc_vars->{SERVER}; + $ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $nt4_dc_vars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $nt4_dc_vars->{USERNAME}; + $ret->{DC_PASSWORD} = $nt4_dc_vars->{PASSWORD}; + + return $ret; +} + +sub provision_ad_member +{ + my ($self, + $prefix, + $machine_account, + $dcvars, + $trustvars_f, + $trustvars_e, + $extra_member_options, + $force_fips_mode, + $offline_logon, + $no_nss_winbind) = @_; + + if (defined($offline_logon) && defined($no_nss_winbind)) { + warn ("Offline logon incompatible with no nss winbind\n"); + return undef; + } + + my $prefix_abs = abs_path($prefix); + my @dirs = (); + + mkdir($prefix_abs, 0777); + + my $share_dir="$prefix_abs/share"; + push(@dirs, $share_dir); + + my $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/U_alice/G_domain users"; + push(@dirs, $substitution_path); + + # Using '/' as the winbind separator is a bad idea ... + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}"; + push(@dirs, $substitution_path); + + $substitution_path = "$share_dir/D_$dcvars->{DOMAIN}/u_$dcvars->{DOMAIN}/alice/g_$dcvars->{DOMAIN}/domain users"; + push(@dirs, $substitution_path); + + my $option_offline_logon = "no"; + if (defined($offline_logon)) { + $option_offline_logon = "yes"; + } + + my $netbios_aliases = ""; + if ($machine_account eq "LOCALADMEMBER") { + $netbios_aliases = "netbios aliases = foo bar"; + } + + unless (defined($extra_member_options)) { + $extra_member_options = ""; + } + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + $netbios_aliases + template homedir = /home/%D/%G/%U + auth event notification = true + password server = $dcvars->{SERVER} + winbind scan trusted domains = no + winbind offline logon = $option_offline_logon + + allow dcerpc auth level connect:lsarpc = yes + dcesrv:max auth states = 8 + rpc start on demand helpers = false + + # Begin extra member options + $extra_member_options + # End extra member options + +[sub_dug] + path = $share_dir/D_%D/U_%U/G_%G + writeable = yes + +[sub_dug2] + path = $share_dir/D_%D/u_%u/g_%g + writeable = yes + +[sub_valid_users] + path = $share_dir + valid users = ADDOMAIN/%U + +[sub_valid_users_domain] + path = $share_dir + valid users = %D/%U + +[sub_valid_users_group] + path = $share_dir + valid users = \@$dcvars->{DOMAIN}/%G + +[valid_users] + path = $share_dir + valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} + +[valid_users_group] + path = $share_dir + valid users = \"\@$dcvars->{DOMAIN}/domain users\" + +[valid_users_unix_group] + path = $share_dir + valid users = \"+$dcvars->{DOMAIN}/domain users\" + +[valid_users_nis_group] + path = $share_dir + valid users = \"&$dcvars->{DOMAIN}/domain users\" + +[valid_users_unix_nis_group] + path = $share_dir + valid users = \"+&$dcvars->{DOMAIN}/domain users\" + +[valid_users_nis_unix_group] + path = $share_dir + valid users = \"&+$dcvars->{DOMAIN}/domain users\" + +[invalid_users] + path = $share_dir + invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} + +[valid_and_invalid_users] + path = $share_dir + valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} $dcvars->{DOMAIN}/alice + invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => $machine_account, + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + mkdir($_, 0777) foreach(@dirs); + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + if (defined($force_fips_mode)) { + $ret->{GNUTLS_FORCE_FIPS_MODE} = "1"; + $ret->{OPENSSL_FORCE_FIPS_MODE} = "1"; + } + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + if (defined($force_fips_mode)) { + $cmd .= "GNUTLS_FORCE_FIPS_MODE=1 "; + $cmd .= "OPENSSL_FORCE_FIPS_MODE=1 "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD} --use-kerberos=required"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (defined($offline_logon)) { + my $wbinfo = Samba::bindir_path($self, "wbinfo"); + + if (not $self->check_or_start( + env_vars => $ret, + winbindd => "yes")) { + return undef; + } + + # Fill samlogoncache for alice + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$wbinfo --pam-logon=ADDOMAIN/alice%Secret007"; + if (system($cmd) != 0) { + warn("Filling the cache failed\n$cmd"); + return undef; + } + + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$wbinfo --ccache-save=ADDOMAIN/alice%Secret007"; + if (system($cmd) != 0) { + warn("Filling the cache failed\n$cmd"); + return undef; + } + + # Fill samlogoncache for bob + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$wbinfo --pam-logon=ADDOMAIN/bob%Secret007"; + if (system($cmd) != 0) { + warn("Filling the cache failed\n$cmd"); + return undef; + } + + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$wbinfo --ccache-save=ADDOMAIN/bob%Secret007"; + if (system($cmd) != 0) { + warn("Filling the cache failed\n$cmd"); + return undef; + } + + # Set windindd offline + my $smbcontrol = Samba::bindir_path($self, "smbcontrol"); + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "UID_WRAPPER_ROOT='1' "; + $cmd .= "$smbcontrol $ret->{CONFIGURATION} winbindd offline"; + if (system($cmd) != 0) { + warn("Setting winbindd offline failed\n$cmd"); + return undef; + } + + # Validate the offline cache + $cmd = "NSS_WRAPPER_PASSWD='$ret->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$ret->{NSS_WRAPPER_GROUP}' "; + $cmd .= "UID_WRAPPER_ROOT='1' "; + $cmd .= "$smbcontrol $ret->{CONFIGURATION} winbindd validate-cache"; + if (system($cmd) != 0) { + warn("Validation of winbind credential cache failed\n$cmd"); + teardown_env($self, $ret); + return undef; + } + + # Shut down winbindd + teardown_env($self, $ret); + + ### Change SOCKET_WRAPPER_DIR so it can't connect to AD + my $swrap_env = $ENV{SOCKET_WRAPPER_DIR}; + $ENV{SOCKET_WRAPPER_DIR} = "$prefix_abs"; + + # Start winbindd in offline mode + if (not $self->check_or_start( + env_vars => $ret, + winbindd => "offline")) { + return undef; + } + + # Set socket dir again + $ENV{SOCKET_WRAPPER_DIR} = $swrap_env; + + } else { + if (defined($no_nss_winbind)) { + $ret->{NSS_WRAPPER_MODULE_SO_PATH} = ""; + $ret->{NSS_WRAPPER_MODULE_FN_PREFIX} = ""; + } + + if (not $self->check_or_start( + env_vars => $ret, + samba_dcerpcd => "yes", + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_SERVERCONFFILE} = $dcvars->{SERVERCONFFILE}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + # forest trust + $ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER}; + $ret->{TRUST_F_BOTH_SERVER_IP} = $trustvars_f->{SERVER_IP}; + $ret->{TRUST_F_BOTH_SERVER_IPV6} = $trustvars_f->{SERVER_IPV6}; + $ret->{TRUST_F_BOTH_NETBIOSNAME} = $trustvars_f->{NETBIOSNAME}; + $ret->{TRUST_F_BOTH_USERNAME} = $trustvars_f->{USERNAME}; + $ret->{TRUST_F_BOTH_PASSWORD} = $trustvars_f->{PASSWORD}; + $ret->{TRUST_F_BOTH_DOMAIN} = $trustvars_f->{DOMAIN}; + $ret->{TRUST_F_BOTH_REALM} = $trustvars_f->{REALM}; + + # external trust + $ret->{TRUST_E_BOTH_SERVER} = $trustvars_e->{SERVER}; + $ret->{TRUST_E_BOTH_SERVER_IP} = $trustvars_e->{SERVER_IP}; + $ret->{TRUST_E_BOTH_SERVER_IPV6} = $trustvars_e->{SERVER_IPV6}; + $ret->{TRUST_E_BOTH_NETBIOSNAME} = $trustvars_e->{NETBIOSNAME}; + $ret->{TRUST_E_BOTH_USERNAME} = $trustvars_e->{USERNAME}; + $ret->{TRUST_E_BOTH_PASSWORD} = $trustvars_e->{PASSWORD}; + $ret->{TRUST_E_BOTH_DOMAIN} = $trustvars_e->{DOMAIN}; + $ret->{TRUST_E_BOTH_REALM} = $trustvars_e->{REALM}; + + return $ret; +} + +sub setup_ad_member +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD MEMBER..."; + + return $self->provision_ad_member($prefix, + "LOCALADMEMBER", + $dcvars, + $trustvars_f, + $trustvars_e); +} + +sub setup_ad_member_s3_join +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD MEMBER..."; + + return $self->provision_ad_member($prefix, + "LOCALADMEMBER2", + $dcvars, + $trustvars_f, + $trustvars_e); +} + +sub setup_ad_member_rfc2307 +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + idmap cache time = 0 + idmap negative cache time = 0 + idmap config * : backend = autorid + idmap config * : range = 1000000-1999999 + idmap config * : rangesize = 100000 + idmap config $dcvars->{DOMAIN} : backend = rfc2307 + idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + idmap config $dcvars->{DOMAIN} : ldap_server = ad + idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com + idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com + + password server = $dcvars->{SERVER} +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => "RFC2307MEMBER", + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + return $ret; +} + +sub setup_admem_idmap_autorid +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_autorid config..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + idmap config * : backend = autorid + idmap config * : range = 1000000-19999999 + idmap config * : rangesize = 1000000 + + # Prevent overridding the provisioned lib/krb5.conf which sets certain + # values required for tests to succeed + create krb5 conf = no +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => "ADMEMAUTORID", + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + return $ret; +} + +sub setup_ad_member_idmap_rid +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_rid config..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + idmap config $dcvars->{DOMAIN} : backend = rid + idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + # Prevent overridding the provisioned lib/krb5.conf which sets certain + # values required for tests to succeed + create krb5 conf = no + map to guest = bad user + server signing = required +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => "IDMAPRIDMEMBER", + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + return $ret; +} + +sub setup_ad_member_idmap_ad +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_ad config..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + password server = $dcvars->{SERVER} + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + idmap config $dcvars->{DOMAIN} : backend = ad + idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + idmap config $dcvars->{DOMAIN} : unix_primary_group = yes + idmap config $dcvars->{DOMAIN} : unix_nss_info = yes + idmap config $dcvars->{TRUST_DOMAIN} : backend = ad + idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999 + gensec_gssapi:requested_life_time = 5 +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, + server => "IDMAPADMEMBER", + password => "loCalMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "yes", + smbd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; + $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; + $ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD}; + $ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN}; + $ret->{TRUST_REALM} = $dcvars->{TRUST_REALM}; + $ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID}; + + return $ret; +} + +sub setup_ad_member_oneway +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH one-way trust..."; + + my $member_options = " + security = ads + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + password server = $dcvars->{SERVER} + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + gensec_gssapi:requested_life_time = 5 +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => $dcvars->{DOMAIN}, + server => "S2KMEMBER", + password => "loCalS2KMemberPass", + extra_options => $member_options, + resolv_conf => $dcvars->{RESOLV_CONF}); + + $ret or return undef; + + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + $ret->{DOMSID} = $dcvars->{DOMSID}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6}; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + # Add hosts file for name lookups + my $cmd = "NSS_WRAPPER_HOSTS='$ret->{NSS_WRAPPER_HOSTS}' "; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($ret->{RESOLV_WRAPPER_CONF})) { + $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" "; + } + $cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + if (not $self->check_or_start( + env_vars => $ret, + winbindd => "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; + $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; + $ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD}; + $ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN}; + $ret->{TRUST_REALM} = $dcvars->{TRUST_REALM}; + $ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID}; + + return $ret; +} + +sub setup_ad_member_fips +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD FIPS MEMBER..."; + + return $self->provision_ad_member($prefix, + "FIPSADMEMBER", + $dcvars, + $trustvars_f, + $trustvars_e, + undef, + 1); +} + +sub setup_ad_member_offlogon +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD MEMBER OFFLINE LOGON..."; + + return $self->provision_ad_member($prefix, + "OFFLINEADMEM", + $dcvars, + $trustvars_f, + $trustvars_e, + undef, + undef, + 1); +} + +sub setup_ad_member_idmap_nss +{ + my ($self, + $prefix, + $dcvars, + $trustvars_f, + $trustvars_e) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING AD MEMBER WITHOUT NSS WINBIND WITH idmap_nss config..."; + + my $extra_member_options = " + # bob:x:65521:65531:localbob gecos:/:/bin/false + # jane:x:65520:65531:localjane gecos:/:/bin/false + # jackthemapper:x:65519:65531:localjackthemaper gecos:/:/bin/false + # jacknomapper:x:65518:65531:localjacknomaper gecos:/:/bin/false + idmap config $dcvars->{DOMAIN} : backend = nss + idmap config $dcvars->{DOMAIN} : range = 65518-65521 + + # Support SMB1 so that we can use posix_whoami(). + client min protocol = CORE + server min protocol = LANMAN1 + + username map = $prefix/lib/username.map +"; + + my $ret = $self->provision_ad_member($prefix, + "ADMEMIDMAPNSS", + $dcvars, + $trustvars_f, + $trustvars_e, + $extra_member_options, + undef, + undef, + 1); + + open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map"); + print USERMAP " +!jacknomapper = \@jackthemappergroup +!root = jacknomappergroup +root = $dcvars->{DOMAIN}/root +bob = $dcvars->{DOMAIN}/bob +"; + close(USERMAP); + + return $ret; +} + +sub setup_simpleserver +{ + my ($self, $path) = @_; + + print "PROVISIONING simple server..."; + + my $prefix_abs = abs_path($path); + mkdir($prefix_abs, 0777); + + my $external_streams_depot="$prefix_abs/external_streams_depot"; + remove_tree($external_streams_depot); + mkdir($external_streams_depot, 0777); + + my $simpleserver_options = " + lanman auth = yes + ntlm auth = yes + vfs objects = xattr_tdb streams_depot + change notify = no + server smb encrypt = off + +[vfs_aio_pthread] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread + aio_pthread:aio open = yes + smbd async dosmode = no + +[vfs_aio_pthread_async_dosmode_default1] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread + store dos attributes = yes + aio_pthread:aio open = yes + smbd async dosmode = yes + +[vfs_aio_pthread_async_dosmode_default2] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread xattr_tdb + store dos attributes = yes + aio_pthread:aio open = yes + smbd async dosmode = yes + +[async_dosmode_shadow_copy2] + path = $prefix_abs/share + read only = no + vfs objects = shadow_copy2 xattr_tdb + smbd async dosmode = yes + +[vfs_aio_fork] + path = $prefix_abs/share + vfs objects = aio_fork + read only = no + vfs_aio_fork:erratic_testing_mode=yes + +[dosmode] + path = $prefix_abs/share + vfs objects = + store dos attributes = yes + hide files = /hidefile/ + hide dot files = yes + +[hidenewfiles] + path = $prefix_abs/share + hide new files timeout = 5 + +[external_streams_depot] + path = $prefix_abs/share + read only = no + streams_depot:directory = $external_streams_depot +"; + + my $vars = $self->provision( + prefix => $path, + domain => "WORKGROUP", + server => "LOCALSHARE4", + password => "local4pass", + extra_options => $simpleserver_options); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + nmbd => "yes", + smbd => "yes")) { + return undef; + } + + return $vars; +} + +sub create_file_chmod($$) +{ + my ($name, $mode) = @_; + my $fh; + + unless (open($fh, '>', $name)) { + warn("Unable to open $name"); + return undef; + } + chmod($mode, $fh); +} + +sub setup_fileserver +{ + my ($self, $path, $more_conf, $server) = @_; + my $prefix_abs = abs_path($path); + my $srcdir_abs = abs_path($self->{srcdir}); + + print "PROVISIONING file server ...\n"; + + my @dirs = (); + + mkdir($prefix_abs, 0777); + + my $usershare_dir="$prefix_abs/lib/usershare"; + + mkdir("$prefix_abs/lib", 0755); + remove_tree($usershare_dir); + mkdir($usershare_dir, 01770); + + my $share_dir="$prefix_abs/share"; + + # Create share directory structure + my $lower_case_share_dir="$share_dir/lower-case"; + push(@dirs, $lower_case_share_dir); + + my $lower_case_share_dir_30000="$share_dir/lower-case-30000"; + push(@dirs, $lower_case_share_dir_30000); + + my $dfree_share_dir="$share_dir/dfree"; + push(@dirs, $dfree_share_dir); + push(@dirs, "$dfree_share_dir/subdir1"); + push(@dirs, "$dfree_share_dir/subdir2"); + push(@dirs, "$dfree_share_dir/subdir3"); + + my $quotadir_dir="$share_dir/quota"; + push(@dirs, $quotadir_dir); + + my $valid_users_sharedir="$share_dir/valid_users"; + push(@dirs,$valid_users_sharedir); + + my $offline_sharedir="$share_dir/offline"; + push(@dirs,$offline_sharedir); + + my $force_user_valid_users_dir = "$share_dir/force_user_valid_users"; + push(@dirs, $force_user_valid_users_dir); + + my $smbget_sharedir="$share_dir/smbget"; + push(@dirs,$smbget_sharedir); + + my $tarmode_sharedir="$share_dir/tarmode"; + push(@dirs,$tarmode_sharedir); + + my $tarmode2_sharedir="$share_dir/tarmode2"; + push(@dirs,$tarmode2_sharedir); + + my $smbcacls_sharedir="$share_dir/smbcacls"; + push(@dirs,$smbcacls_sharedir); + + my $usershare_sharedir="$share_dir/usershares"; + push(@dirs,$usershare_sharedir); + + my $dropbox_sharedir="$share_dir/dropbox"; + push(@dirs,$dropbox_sharedir); + + my $bad_iconv_sharedir="$share_dir/bad_iconv"; + push(@dirs, $bad_iconv_sharedir); + + my $veto_sharedir="$share_dir/veto"; + push(@dirs,$veto_sharedir); + + my $virusfilter_sharedir="$share_dir/virusfilter"; + push(@dirs,$virusfilter_sharedir); + + my $delete_unwrite_sharedir="$share_dir/delete_unwrite"; + push(@dirs,$delete_unwrite_sharedir); + push(@dirs, "$delete_unwrite_sharedir/delete_veto_yes"); + push(@dirs, "$delete_unwrite_sharedir/delete_veto_no"); + + my $volume_serial_number_sharedir="$share_dir/volume_serial_number"; + push(@dirs, $volume_serial_number_sharedir); + + my $ip4 = Samba::get_ipv4_addr("FILESERVER"); + my $fileserver_options = " + kernel change notify = yes + spotlight backend = elasticsearch + elasticsearch:address = $ip4 + elasticsearch:port = 8080 + elasticsearch:mappings = $srcdir_abs/source3/rpc_server/mdssvc/elasticsearch_mappings.json + + usershare path = $usershare_dir + usershare max shares = 10 + usershare allow guests = yes + usershare prefix allow list = $usershare_sharedir + + get quota command = $prefix_abs/getset_quota.py + set quota command = $prefix_abs/getset_quota.py +[tarmode] + path = $tarmode_sharedir + comment = tar test share + xattr_tdb:file = $prefix_abs/tarmode-xattr.tdb +[tarmode2] + path = $tarmode2_sharedir + comment = tar test share + xattr_tdb:file = $prefix_abs/tarmode2-xattr.tdb +[spotlight] + path = $share_dir + spotlight = yes + read only = no +[no_spotlight] + path = $share_dir + spotlight = no + read only = no +[lowercase] + path = $lower_case_share_dir + comment = smb username is [%U] + case sensitive = True + default case = lower + preserve case = no + short preserve case = no +[lowercase-30000] + path = $lower_case_share_dir_30000 + comment = smb username is [%U] + case sensitive = True + default case = lower + preserve case = no + short preserve case = no +[dfree] + path = $dfree_share_dir + comment = smb username is [%U] + dfree command = $srcdir_abs/testprogs/blackbox/dfree.sh +[valid-users-access] + path = $valid_users_sharedir + valid users = +userdup +[offline] + path = $offline_sharedir + vfs objects = offline + +# BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878 +# RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651 +[force_user_valid_users] + path = $force_user_valid_users_dir + comment = force user with valid users combination test share + valid users = +force_user + force user = force_user + force group = everyone + write list = force_user + +[smbget] + path = $smbget_sharedir + comment = smb username is [%U] + guest ok = yes +[ign_sysacls] + path = $share_dir + comment = ignore system acls + acl_xattr:ignore system acls = yes +[inherit_owner] + path = $share_dir + comment = inherit owner + inherit owner = yes +[inherit_owner_u] + path = $share_dir + comment = inherit only unix owner + inherit owner = unix only + acl_xattr:ignore system acls = yes +# BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 +[force_group_test] + path = $share_dir + comment = force group test +# force group = everyone + +[create_mode_664] + path = $share_dir + comment = smb username is [%U] + create mask = 0644 + force create mode = 0664 + vfs objects = dirsort + +[dropbox] + path = $dropbox_sharedir + comment = smb username is [%U] + writeable = yes + vfs objects = + +[bad_iconv] + path = $bad_iconv_sharedir + comment = smb username is [%U] + vfs objects = + +[veto_files_nodelete] + path = $veto_sharedir + read only = no + msdfs root = yes + veto files = /veto_name*/ + delete veto files = no + +[veto_files_delete] + path = $veto_sharedir + msdfs root = yes + veto files = /veto_name*/ + delete veto files = yes + +[delete_veto_files_only] + path = $veto_sharedir + delete veto files = yes + +[veto_files_nohidden] + path = $veto_sharedir + veto files = /.*/ + +[veto_files] + path = $veto_sharedir + veto files = /veto_name*/ + +[delete_yes_unwrite] + read only = no + path = $delete_unwrite_sharedir + hide unwriteable files = yes + delete veto files = yes + +[delete_no_unwrite] + read only = no + path = $delete_unwrite_sharedir + hide unwriteable files = yes + delete veto files = no + +[virusfilter] + path = $virusfilter_sharedir + vfs objects = acl_xattr virusfilter + virusfilter:scanner = dummy + virusfilter:min file size = 0 + virusfilter:infected files = *infected* + virusfilter:infected file action = rename + virusfilter:scan on close = yes + vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no + +[volumeserialnumber] + path = $volume_serial_number_sharedir + volume serial number = 0xdeadbeef + +[ea_acl_xattr] + path = $share_dir + vfs objects = acl_xattr + acl_xattr:security_acl_name = user.hackme + read only = no + +[homes] + comment = Home directories + browseable = No + read only = No +"; + + if (defined($more_conf)) { + $fileserver_options = $fileserver_options . $more_conf; + } + if (!defined($server)) { + $server = "FILESERVER"; + } + + my $vars = $self->provision( + prefix => $path, + domain => "WORKGROUP", + server => $server, + password => "fileserver", + extra_options => $fileserver_options, + no_delete_prefix => 1); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + nmbd => "yes", + smbd => "yes")) { + return undef; + } + + + mkdir($_, 0777) foreach(@dirs); + + ## Create case sensitive lower case share dir + foreach my $file ('a'..'z') { + my $full_path = $lower_case_share_dir . '/' . $file; + open my $fh, '>', $full_path; + # Add some content to file + print $fh $full_path; + close $fh; + } + + for (my $file = 1; $file < 51; ++$file) { + my $full_path = $lower_case_share_dir . '/' . $file; + open my $fh, '>', $full_path; + # Add some content to file + print $fh $full_path; + close $fh; + } + + # Create content for 30000 share + foreach my $file ('a'..'z') { + my $full_path = $lower_case_share_dir_30000 . '/' . $file; + open my $fh, '>', $full_path; + # Add some content to file + print $fh $full_path; + close $fh; + } + + for (my $file = 1; $file < 30001; ++$file) { + my $full_path = $lower_case_share_dir_30000 . '/' . $file; + open my $fh, '>', $full_path; + # Add some content to file + print $fh $full_path; + close $fh; + } + + ## + ## create a listable file in valid_users_share + ## + create_file_chmod("$valid_users_sharedir/foo", 0644) or return undef; + + ## + ## create a valid utf8 filename which is invalid as a CP850 conversion + ## + create_file_chmod("$bad_iconv_sharedir/\xED\x9F\xBF", 0644) or return undef; + + ## + ## create unwritable files inside inside the delete unwrite veto share dirs. + ## + unlink("$delete_unwrite_sharedir/delete_veto_yes/file_444"); + create_file_chmod("$delete_unwrite_sharedir/delete_veto_yes/file_444", 0444) or return undef; + unlink("$delete_unwrite_sharedir/delete_veto_no/file_444"); + create_file_chmod("$delete_unwrite_sharedir/delete_veto_no/file_444", 0444) or return undef; + + return $vars; +} + +sub setup_fileserver_smb1 +{ + my ($self, $path) = @_; + my $prefix_abs = abs_path($path); + my $conf = " +[global] + client min protocol = CORE + server min protocol = LANMAN1 + +[hidenewfiles] + path = $prefix_abs/share + hide new files timeout = 5 +[vfs_aio_pthread] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread + aio_pthread:aio open = yes + smbd async dosmode = no + +[vfs_aio_pthread_async_dosmode_default1] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread + store dos attributes = yes + aio_pthread:aio open = yes + smbd async dosmode = yes + +[vfs_aio_pthread_async_dosmode_default2] + path = $prefix_abs/share + read only = no + vfs objects = aio_pthread xattr_tdb + store dos attributes = yes + aio_pthread:aio open = yes + smbd async dosmode = yes + +[vfs_aio_fork] + path = $prefix_abs/share + vfs objects = aio_fork + read only = no + vfs_aio_fork:erratic_testing_mode=yes +"; + return $self->setup_fileserver($path, $conf, "FILESERVERSMB1"); +} + +sub setup_fileserver_smb1_done +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env); +} + +sub setup_ktest +{ + my ($self, $prefix) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING server with security=ads..."; + + my $ktest_options = " + workgroup = KTEST + realm = ktest.samba.example.com + security = ads + server signing = required + server min protocol = SMB3_00 + client max protocol = SMB3 + + # This disables NTLM auth against the local SAM, which + # we use can then test this setting by. + ntlm auth = disabled + + idmap config * : backend = autorid + idmap config * : range = 1000000-1999999 + idmap config * : rangesize = 100000 +"; + + my $ret = $self->provision( + prefix => $prefix, + domain => "KTEST", + server => "LOCALKTEST6", + password => "localktest6pass", + extra_options => $ktest_options); + + $ret or return undef; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = "KTEST"; + $ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM"; + $ctx->{dnsname} = lc($ctx->{realm}); + $ctx->{kdc_ipv4} = "0.0.0.0"; + $ctx->{kdc_ipv6} = "::"; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + +#This is the secrets.tdb created by 'net ads join' from Samba3 to a +#Samba4 DC with the same parameters as are being used here. The +#domain SID is S-1-5-21-1071277805-689288055-3486227160 + $ret->{SAMSID} = "S-1-5-21-1911091480-1468226576-2729736297"; + $ret->{DOMSID} = "S-1-5-21-1071277805-689288055-3486227160"; + + system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb"); + chmod 0600, "$prefix/private/secrets.tdb"; + +#Make sure there's no old ntdb file. + system("rm -f $prefix/private/secrets.ntdb"); + +#This uses a pre-calculated krb5 credentials cache, obtained by running Samba4 with: +# "--option=kdc:service ticket lifetime=239232" "--option=kdc:user ticket lifetime=239232" "--option=kdc:renewal lifetime=239232" +# +#and having in krb5.conf: +# ticket_lifetime = 799718400 +# renew_lifetime = 799718400 +# +# The commands for the -2 keytab where were: +# kinit administrator@KTEST.SAMBA.EXAMPLE.COM +# kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM +# kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM +# kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM +# kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM +# +# and then for the -3 keytab, I did +# +# net changetrustpw; kdestroy and the same again. +# +# This creates a credential cache with a very long lifetime (2036 at +# at 2011-04), and shows that running 'net changetrustpw' does not +# break existing logins (for the secrets.tdb method at least). +# + + $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache"; + + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2"); + chmod 0600, "$prefix/krb5_ccache-2"; + + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3"); + chmod 0600, "$prefix/krb5_ccache-3"; + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by ktest can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start( + env_vars => $ret, + nmbd => "yes", + winbindd => "offline", + smbd => "yes")) { + return undef; + } + return $ret; +} + +sub setup_maptoguest +{ + my ($self, $path) = @_; + my $prefix_abs = abs_path($path); + my $libdir="$prefix_abs/lib"; + my $share_dir="$prefix_abs/share"; + my $errorinjectconf="$libdir/error_inject.conf"; + + print "PROVISIONING maptoguest..."; + + my $options = " +map to guest = bad user +ntlm auth = yes +server min protocol = LANMAN1 + +[force_user_error_inject] + path = $share_dir + vfs objects = acl_xattr fake_acls xattr_tdb error_inject + force user = user1 + include = $errorinjectconf +"; + + my $vars = $self->provision( + prefix => $path, + domain => "WORKGROUP", + server => "maptoguest", + password => "maptoguestpass", + extra_options => $options); + + $vars or return undef; + + if (not $self->check_or_start( + env_vars => $vars, + nmbd => "yes", + smbd => "yes")) { + return undef; + } + + return $vars; +} + +sub stop_sig_term($$) { + my ($self, $pid) = @_; + kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: $!"); +} + +sub stop_sig_kill($$) { + my ($self, $pid) = @_; + kill("ALRM", $pid) or warn("Unable to kill $pid: $!"); +} + +sub write_pid($$$) +{ + my ($env_vars, $app, $pid) = @_; + + open(PID, ">$env_vars->{PIDDIR}/timelimit.$app.pid"); + print PID $pid; + close(PID); +} + +sub read_pid($$) +{ + my ($env_vars, $app) = @_; + + open(PID, "<$env_vars->{PIDDIR}/timelimit.$app.pid"); + my $pid = <PID>; + close(PID); + return $pid; +} + +# builds up the cmd args to run an s3 binary (i.e. smbd, nmbd, etc) +sub make_bin_cmd +{ + my ($self, $binary, $env_vars, $options, $valgrind, $dont_log_stdout) = @_; + + my @optargs = (); + if (defined($options)) { + @optargs = split(/ /, $options); + } + my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime}); + + if (defined($valgrind)) { + @preargs = split(/ /, $valgrind); + } + my @args = ("-F", "--no-process-group", + "--configfile=$env_vars->{SERVERCONFFILE}", + "-l", $env_vars->{LOGDIR}); + + if (not defined($dont_log_stdout)) { + push(@args, "--debug-stdout"); + } + return (@preargs, $binary, @args, @optargs); +} + +sub check_or_start($$) { + my ($self, %args) = @_; + my $env_vars = $args{env_vars}; + my $nmbd = $args{nmbd} // "no"; + my $winbindd = $args{winbindd} // "no"; + my $smbd = $args{smbd} // "no"; + my $samba_dcerpcd = $args{samba_dcerpcd} // "no"; + my $child_cleanup = $args{child_cleanup}; + + my $STDIN_READER; + + # use a pipe for stdin in the child processes. This allows + # those processes to monitor the pipe for EOF to ensure they + # exit when the test script exits + pipe($STDIN_READER, $env_vars->{STDIN_PIPE}); + + my $binary = Samba::bindir_path($self, "samba-dcerpcd"); + my @full_cmd = $self->make_bin_cmd( + $binary, + $env_vars, + $ENV{SAMBA_DCERPCD_OPTIONS}, + $ENV{SAMBA_DCERPCD_VALGRIND}, + $ENV{SAMBA_DCERPCD_DONT_LOG_STDOUT}); + push(@full_cmd, '--libexec-rpcds'); + + my $samba_dcerpcd_envs = Samba::get_env_for_process( + "samba_dcerpcd", $env_vars); + + # fork and exec() samba_dcerpcd in the child process + my $daemon_ctx = { + NAME => "samba_dcerpcd", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{SAMBA_DCERPCD_TEST_LOG}, + PCAP_FILE => "env-$ENV{ENVNAME}-samba_dcerpcd", + ENV_VARS => $samba_dcerpcd_envs, + }; + if ($samba_dcerpcd ne "yes") { + $daemon_ctx->{SKIP_DAEMON} = 1; + } + + my $pid = Samba::fork_and_exec( + $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup); + + $env_vars->{SAMBA_DCERPCD_TL_PID} = $pid; + write_pid($env_vars, "samba_dcerpcd", $pid); + + $binary = Samba::bindir_path($self, "nmbd"); + @full_cmd = $self->make_bin_cmd($binary, $env_vars, + $ENV{NMBD_OPTIONS}, $ENV{NMBD_VALGRIND}, + $ENV{NMBD_DONT_LOG_STDOUT}); + my $nmbd_envs = Samba::get_env_for_process("nmbd", $env_vars); + delete $nmbd_envs->{RESOLV_WRAPPER_CONF}; + delete $nmbd_envs->{RESOLV_WRAPPER_HOSTS}; + + # fork and exec() nmbd in the child process + $daemon_ctx = { + NAME => "nmbd", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{NMBD_TEST_LOG}, + PCAP_FILE => "env-$ENV{ENVNAME}-nmbd", + ENV_VARS => $nmbd_envs, + }; + if ($nmbd ne "yes") { + $daemon_ctx->{SKIP_DAEMON} = 1; + } + $pid = Samba::fork_and_exec( + $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup); + + $env_vars->{NMBD_TL_PID} = $pid; + write_pid($env_vars, "nmbd", $pid); + + $binary = Samba::bindir_path($self, "winbindd"); + @full_cmd = $self->make_bin_cmd($binary, $env_vars, + $ENV{WINBINDD_OPTIONS}, + $ENV{WINBINDD_VALGRIND}, + $ENV{WINBINDD_DONT_LOG_STDOUT}); + + # fork and exec() winbindd in the child process + $daemon_ctx = { + NAME => "winbindd", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{WINBINDD_TEST_LOG}, + PCAP_FILE => "env-$ENV{ENVNAME}-winbindd", + }; + if ($winbindd ne "yes" and $winbindd ne "offline") { + $daemon_ctx->{SKIP_DAEMON} = 1; + } + + $pid = Samba::fork_and_exec( + $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup); + + $env_vars->{WINBINDD_TL_PID} = $pid; + write_pid($env_vars, "winbindd", $pid); + + $binary = Samba::bindir_path($self, "smbd"); + @full_cmd = $self->make_bin_cmd($binary, $env_vars, + $ENV{SMBD_OPTIONS}, $ENV{SMBD_VALGRIND}, + $ENV{SMBD_DONT_LOG_STDOUT}); + + # fork and exec() smbd in the child process + $daemon_ctx = { + NAME => "smbd", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{SMBD_TEST_LOG}, + PCAP_FILE => "env-$ENV{ENVNAME}-smbd", + }; + if ($smbd ne "yes") { + $daemon_ctx->{SKIP_DAEMON} = 1; + } + + $pid = Samba::fork_and_exec( + $self, $env_vars, $daemon_ctx, $STDIN_READER, $child_cleanup); + + $env_vars->{SMBD_TL_PID} = $pid; + write_pid($env_vars, "smbd", $pid); + + # close the parent's read-end of the pipe + close($STDIN_READER); + + return $self->wait_for_start($env_vars, + $nmbd, + $winbindd, + $smbd, + $samba_dcerpcd); +} + +sub createuser($$$$$) +{ + my ($self, $username, $password, $conffile, $env) = @_; + my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $username > /dev/null"; + + keys %$env; + while(my($var, $val) = each %$env) { + $cmd = "$var=\"$val\" $cmd"; + } + + unless (open(PWD, "|$cmd")) { + warn("Unable to set password for $username account\n$cmd"); + return undef; + } + print PWD "$password\n$password\n"; + unless (close(PWD)) { + warn("Unable to set password for $username account\n$cmd"); + return undef; + } +} + +sub provision($$) +{ + my ($self, %args) = @_; + + my $prefix = $args{prefix}; + my $domain = $args{domain}; + my $realm = $args{realm}; + my $server = $args{server}; + my $password = $args{password}; + my $extra_options = $args{extra_options}; + my $resolv_conf = $args{resolv_conf}; + my $no_delete_prefix= $args{no_delete_prefix}; + my $netbios_name = $args{netbios_name} // $server; + my $server_log_level = $ENV{SERVER_LOG_LEVEL} || 1; + + ## + ## setup the various environment variables we need + ## + + my $samsid = Samba::random_domain_sid(); + my $swiface = Samba::get_interface($server); + my %ret = (); + my %createuser_env = (); + my $server_ip = Samba::get_ipv4_addr($server); + my $server_ipv6 = Samba::get_ipv6_addr($server); + my $dns_domain; + if (defined($realm)) { + $dns_domain = lc($realm); + } else { + $dns_domain = "samba.example.com"; + } + + my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`); + chomp $unix_name; + my $unix_uid = $>; + my $unix_gids_str = $); + my @unix_gids = split(" ", $unix_gids_str); + + my $prefix_abs = abs_path($prefix); + my $bindir_abs = abs_path($self->{bindir}); + + my @dirs = (); + + my $shrdir=$args{share_dir} // "$prefix_abs/share"; + push(@dirs,$shrdir); + + my $libdir="$prefix_abs/lib"; + push(@dirs,$libdir); + + my $piddir="$prefix_abs/pid"; + push(@dirs,$piddir); + + my $privatedir="$prefix_abs/private"; + push(@dirs,$privatedir); + + my $cachedir = "$prefix_abs/cachedir"; + push(@dirs, $cachedir); + + my $binddnsdir = "$prefix_abs/bind-dns"; + push(@dirs, $binddnsdir); + + my $lockdir="$prefix_abs/lockdir"; + push(@dirs,$lockdir); + + my $eventlogdir="$prefix_abs/lockdir/eventlog"; + push(@dirs,$eventlogdir); + + my $logdir="$prefix_abs/logs"; + push(@dirs,$logdir); + + my $driver32dir="$shrdir/W32X86"; + push(@dirs,$driver32dir); + + my $driver64dir="$shrdir/x64"; + push(@dirs,$driver64dir); + + my $driver40dir="$shrdir/WIN40"; + push(@dirs,$driver40dir); + + my $ro_shrdir="$shrdir/root-tmp"; + push(@dirs,$ro_shrdir); + + my $noperm_shrdir="$shrdir/noperm-tmp"; + push(@dirs,$noperm_shrdir); + + my $msdfs_shrdir="$shrdir/msdfsshare"; + push(@dirs,$msdfs_shrdir); + + my $msdfs_shrdir2="$shrdir/msdfsshare2"; + push(@dirs,$msdfs_shrdir2); + + my $msdfs_deeppath="$msdfs_shrdir/deeppath"; + push(@dirs,$msdfs_deeppath); + + my $smbcacls_sharedir_dfs="$shrdir/smbcacls_sharedir_dfs"; + push(@dirs,$smbcacls_sharedir_dfs); + + my $smbcacls_share="$shrdir/smbcacls_share"; + push(@dirs,$smbcacls_share); + + my $smbcacls_share_testdir="$shrdir/smbcacls_share/smbcacls"; + push(@dirs,$smbcacls_share_testdir); + + my $badnames_shrdir="$shrdir/badnames"; + push(@dirs,$badnames_shrdir); + + my $lease1_shrdir="$shrdir/dynamic"; + push(@dirs,$lease1_shrdir); + + my $manglenames_shrdir="$shrdir/manglenames"; + push(@dirs,$manglenames_shrdir); + + my $widelinks_shrdir="$shrdir/widelinks"; + push(@dirs,$widelinks_shrdir); + + my $widelinks_linkdir="$shrdir/widelinks_foo"; + push(@dirs,$widelinks_linkdir); + + my $fsrvp_shrdir="$shrdir/fsrvp"; + push(@dirs,$fsrvp_shrdir); + + my $shadow_tstdir="$shrdir/shadow"; + push(@dirs,$shadow_tstdir); + my $shadow_mntdir="$shadow_tstdir/mount"; + push(@dirs,$shadow_mntdir); + my $shadow_basedir="$shadow_mntdir/base"; + push(@dirs,$shadow_basedir); + my $shadow_shrdir="$shadow_basedir/share"; + push(@dirs,$shadow_shrdir); + + my $nosymlinks_shrdir="$shrdir/nosymlinks"; + push(@dirs,$nosymlinks_shrdir); + + my $local_symlinks_shrdir="$shrdir/local_symlinks"; + push(@dirs,$local_symlinks_shrdir); + + my $fruit_resource_stream_shrdir="$shrdir/fruit_resource_stream"; + push(@dirs,$fruit_resource_stream_shrdir); + + # this gets autocreated by winbindd + my $wbsockdir="$prefix_abs/wbsock"; + + my $nmbdsockdir="$prefix_abs/nmbd"; + unlink($nmbdsockdir); + + ## + ## create the test directory layout + ## + die ("prefix_abs = ''") if $prefix_abs eq ""; + die ("prefix_abs = '/'") if $prefix_abs eq "/"; + + mkdir($prefix_abs, 0777); + print "CREATE TEST ENVIRONMENT IN '$prefix'..."; + if (not defined($no_delete_prefix) or not $no_delete_prefix) { + system("rm -rf $prefix_abs/*"); + } + mkdir($_, 0777) foreach(@dirs); + + my $fs_specific_conf = $self->get_fs_specific_conf($shrdir); + + ## + ## lockdir and piddir must be 0755 + ## + chmod 0755, $lockdir; + chmod 0755, $piddir; + + + ## + ## Create a directory without permissions to enter + ## + chmod 0000, $noperm_shrdir; + + ## + ## create ro and msdfs share layout + ## + + chmod 0755, $ro_shrdir; + + create_file_chmod("$ro_shrdir/readable_file", 0644) or return undef; + create_file_chmod("$ro_shrdir/unreadable_file", 0600) or return undef; + + create_file_chmod("$ro_shrdir/msdfs-target", 0600) or return undef; + symlink "msdfs:$server_ip\\ro-tmp,$server_ipv6\\ro-tmp", + "$msdfs_shrdir/msdfs-src1"; + symlink "msdfs:$server_ipv6\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2"; + symlink "msdfs:$server_ip\\smbcacls_sharedir_dfs,$server_ipv6\\smbcacls_sharedir_dfs", + "$msdfs_shrdir/smbcacls_sharedir_dfs"; + + symlink "msdfs:$server_ip\\msdfs-share2,$server_ipv6\\msdfs-share2", "$msdfs_shrdir/dfshop1"; + symlink "msdfs:$server_ip\\tmp,$server_ipv6\\tmp", "$msdfs_shrdir2/dfshop2"; + ## + ## create bad names in $badnames_shrdir + ## + ## (An invalid name, would be mangled to 8.3). + create_file_chmod("$badnames_shrdir/\340|\231\216\377\177", + 0600) or return undef; + + ## (A bad name, would not be mangled to 8.3). + create_file_chmod("$badnames_shrdir/\240\276\346\327\377\177", + 0666) or return undef; + + ## (A bad good name). + create_file_chmod("$badnames_shrdir/blank.txt", + 0666) or return undef; + + ## + ## create mangleable directory names in $manglenames_shrdir + ## + my $manglename_target = "$manglenames_shrdir/foo:bar"; + mkdir($manglename_target, 0777); + + ## + ## create symlinks for widelinks tests. + ## + my $widelinks_target = "$widelinks_linkdir/target"; + create_file_chmod("$widelinks_target", 0666) or return undef; + + ## + ## This link should get an error + ## + symlink "$widelinks_target", "$widelinks_shrdir/source"; + ## + ## This link should be allowed + ## + symlink "$widelinks_shrdir", "$widelinks_shrdir/dot"; + + my $conffile="$libdir/server.conf"; + my $dfqconffile="$libdir/dfq.conf"; + my $errorinjectconf="$libdir/error_inject.conf"; + my $delayinjectconf="$libdir/delay_inject.conf"; + my $globalinjectconf="$libdir/global_inject.conf"; + my $aliceconfdir="$libdir"; + my $aliceconffile="$libdir/alice.conf"; + + my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl"; + my $nss_wrapper_passwd = "$privatedir/passwd"; + my $nss_wrapper_group = "$privatedir/group"; + my $nss_wrapper_hosts = "$ENV{SELFTEST_PREFIX}/hosts"; + my $dns_host_file = "$ENV{SELFTEST_PREFIX}/dns_host_file"; + + my $mod_printer_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/printing/modprinter.pl"; + + my $fake_snap_pl = "$ENV{PERL} $self->{srcdir}/source3/script/tests/fake_snap.pl"; + + my @eventlog_list = ("dns server", "application"); + + ## + ## calculate uids and gids + ## + + my ($max_uid, $max_gid); + my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup); + my ($uid_pdbtest_wkn); + my ($uid_smbget); + my ($uid_force_user); + my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins); + my ($gid_userdup, $gid_everyone); + my ($gid_force_user); + my ($gid_jackthemapper); + my ($gid_jacknomapper); + my ($uid_user1); + my ($uid_user2); + my ($uid_gooduser); + my ($uid_eviluser); + my ($uid_slashuser); + my ($uid_localbob); + my ($uid_localjane); + my ($uid_localjackthemapper); + my ($uid_localjacknomapper); + + if ($unix_uid < 0xffff - 13) { + $max_uid = 0xffff; + } else { + $max_uid = $unix_uid; + } + + $uid_root = $max_uid - 1; + $uid_nobody = $max_uid - 2; + $uid_pdbtest = $max_uid - 3; + $uid_pdbtest2 = $max_uid - 4; + $uid_userdup = $max_uid - 5; + $uid_pdbtest_wkn = $max_uid - 6; + $uid_force_user = $max_uid - 7; + $uid_smbget = $max_uid - 8; + $uid_user1 = $max_uid - 9; + $uid_user2 = $max_uid - 10; + $uid_gooduser = $max_uid - 11; + $uid_eviluser = $max_uid - 12; + $uid_slashuser = $max_uid - 13; + $uid_localbob = $max_uid - 14; + $uid_localjane = $max_uid - 15; + $uid_localjackthemapper = $max_uid - 16; + $uid_localjacknomapper = $max_uid - 17; + + if ($unix_gids[0] < 0xffff - 8) { + $max_gid = 0xffff; + } else { + $max_gid = $unix_gids[0]; + } + + $gid_nobody = $max_gid - 1; + $gid_nogroup = $max_gid - 2; + $gid_root = $max_gid - 3; + $gid_domusers = $max_gid - 4; + $gid_domadmins = $max_gid - 5; + $gid_userdup = $max_gid - 6; + $gid_everyone = $max_gid - 7; + $gid_force_user = $max_gid - 8; + $gid_jackthemapper = $max_gid - 9; + $gid_jacknomapper = $max_gid - 10; + + ## + ## create conffile + ## + + unless (open(CONF, ">$conffile")) { + warn("Unable to open $conffile"); + return undef; + } + + my $interfaces = Samba::get_interfaces_config($server); + + print CONF " +[global] + dcesrv:fuzz directory = $cachedir/fuzz + netbios name = $netbios_name + interfaces = $interfaces + bind interfaces only = yes + panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY) + smbd:suicide mode = yes + smbd:FSCTL_SMBTORTURE = yes + smbd:validate_oplock_types = yes + + client min protocol = SMB2_02 + server min protocol = SMB2_02 + + server multi channel support = yes + + workgroup = $domain + + private dir = $privatedir + binddns dir = $binddnsdir + pid directory = $piddir + lock directory = $lockdir + log file = $logdir/log.\%m + log level = $server_log_level + debug pid = yes + max log size = 0 + + state directory = $lockdir + cache directory = $lockdir + + passdb backend = tdbsam + + time server = yes + + add user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup + add group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action add --name %g + add machine script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action add --name %u --gid $gid_nogroup + add user to group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action add --member %u --name %g --group_path $nss_wrapper_group + delete user script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type passwd --action delete --name %u + delete group script = $nss_wrapper_pl --group_path $nss_wrapper_group --type group --action delete --name %g + delete user from group script = $nss_wrapper_pl --passwd_path $nss_wrapper_passwd --type member --action delete --member %u --name %g --group_path $nss_wrapper_group + + addprinter command = $mod_printer_pl -a -s $conffile -- + deleteprinter command = $mod_printer_pl -d -s $conffile -- + + eventlog list = application \"dns server\" + + kernel oplocks = no + kernel change notify = no + + logging = file + printing = bsd + printcap name = /dev/null + + winbindd socket directory = $wbsockdir + nmbd:socket dir = $nmbdsockdir + idmap config * : range = 100000-200000 + winbind enum users = yes + winbind enum groups = yes + winbind separator = / + include system krb5 conf = no + +# min receivefile size = 4000 + + read only = no + + smbd:sharedelay = 100000 + smbd:writetimeupdatedelay = 500000 + map hidden = no + map system = no + map readonly = no + store dos attributes = yes + create mask = 755 + dos filemode = yes + strict rename = yes + strict sync = yes + mangled names = yes + vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit + + full_audit:syslog = no + full_audit:success = none + full_audit:failure = none + + printing = vlp + print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s + lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p + lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j + lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j + lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j + queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p + queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p + lpq cache time = 0 + print notify backchannel = yes + + ncalrpc dir = $prefix_abs/ncalrpc + + # The samba3.blackbox.smbclient_s3 test uses this to test that + # sending messages works, and that the %m sub works. + message command = mv %s $shrdir/message.%m + + # fsrvp server requires registry shares + registry shares = yes + + # Used by RPC SRVSVC tests + add share command = $bindir_abs/smbaddshare + change share command = $bindir_abs/smbchangeshare + delete share command = $bindir_abs/smbdeleteshare + + # fruit:copyfile is a global option + fruit:copyfile = yes + + #this does not mean that we use non-secure test env, + #it just means we ALLOW one to be configured. + allow insecure wide links = yes + + include = $globalinjectconf + + # Begin extra options + $extra_options + # End extra options + + #Include user defined custom parameters if set +"; + + if (defined($ENV{INCLUDE_CUSTOM_CONF})) { + print CONF "\t$ENV{INCLUDE_CUSTOM_CONF}\n"; + } + + print CONF " +[smbcacls_share] + path = $smbcacls_share + comment = smb username is [%U] + msdfs root = yes + +[smbcacls_sharedir_dfs] + path = $smbcacls_sharedir_dfs + comment = smb username is [%U] +[tmp] + path = $shrdir + comment = smb username is [%U] +[tmpsort] + path = $shrdir + comment = Load dirsort module + vfs objects = dirsort acl_xattr fake_acls xattr_tdb streams_depot +[tmpenc] + path = $shrdir + comment = encrypt smb username is [%U] + server smb encrypt = required + vfs objects = dirsort +[tmpguest] + path = $shrdir + guest ok = yes +[guestonly] + path = $shrdir + guest only = yes + guest ok = yes +[forceuser] + path = $shrdir + force user = $unix_name + guest ok = yes +[forceuser_unixonly] + comment = force a user with unix user SID and group SID + path = $shrdir + force user = pdbtest + guest ok = yes +[forceuser_wkngroup] + comment = force a user with well-known group SID + path = $shrdir + force user = pdbtest_wkn + guest ok = yes +[forcegroup] + path = $shrdir + force group = nogroup + guest ok = yes +[ro-tmp] + path = $ro_shrdir + guest ok = yes +[noperm] + path = $noperm_shrdir + wide links = yes + guest ok = yes +[write-list-tmp] + path = $shrdir + read only = yes + write list = $unix_name +[valid-users-tmp] + path = $shrdir + valid users = $unix_name + access based share enum = yes +[msdfs-share] + path = $msdfs_shrdir + msdfs root = yes + msdfs shuffle referrals = yes + guest ok = yes +[msdfs-share-wl] + path = $msdfs_shrdir + msdfs root = yes + wide links = yes + guest ok = yes +[msdfs-share2] + path = $msdfs_shrdir2 + msdfs root = yes + guest ok = yes +[hideunread] + copy = tmp + hide unreadable = yes +[tmpcase] + copy = tmp + case sensitive = yes +[hideunwrite] + copy = tmp + hide unwriteable files = yes +[durable] + copy = tmp + kernel share modes = no + kernel oplocks = no + posix locking = no +[fs_specific] + copy = tmp + $fs_specific_conf +[print1] + copy = tmp + printable = yes + +[print2] + copy = print1 +[print3] + copy = print1 + default devmode = no + +[print_var_exp] + copy = print1 + print command = $self->{srcdir}/source3/script/tests/printing/printing_var_exp_lpr_cmd.sh \"Windows user: %U\" \"UNIX user: %u\" \"Domain: %D\" + +[lp] + copy = print1 + +[nfs4acl_simple_40] + path = $shrdir + comment = smb username is [%U] + nfs4:mode = simple + nfs4acl_xattr:version = 40 + vfs objects = nfs4acl_xattr xattr_tdb + +[nfs4acl_special_40] + path = $shrdir + comment = smb username is [%U] + nfs4:mode = special + nfs4acl_xattr:version = 40 + vfs objects = nfs4acl_xattr xattr_tdb + +[nfs4acl_simple_41] + path = $shrdir + comment = smb username is [%U] + nfs4:mode = simple + vfs objects = nfs4acl_xattr xattr_tdb + +[nfs4acl_xdr_40] + path = $shrdir + comment = smb username is [%U] + vfs objects = nfs4acl_xattr xattr_tdb + nfs4:mode = simple + nfs4acl_xattr:encoding = xdr + nfs4acl_xattr:version = 40 + +[nfs4acl_xdr_41] + path = $shrdir + comment = smb username is [%U] + vfs objects = nfs4acl_xattr xattr_tdb + nfs4:mode = simple + nfs4acl_xattr:encoding = xdr + nfs4acl_xattr:version = 41 + +[nfs4acl_nfs_40] + path = $shrdir + comment = smb username is [%U] + vfs objects = nfs4acl_xattr xattr_tdb + nfs4:mode = simple + nfs4acl_xattr:encoding = nfs + nfs4acl_xattr:version = 40 + nfs4acl_xattr:xattr_name = security.nfs4acl_xdr + +[nfs4acl_nfs_41] + path = $shrdir + comment = smb username is [%U] + vfs objects = nfs4acl_xattr xattr_tdb + nfs4:mode = simple + nfs4acl_xattr:encoding = nfs + nfs4acl_xattr:version = 41 + nfs4acl_xattr:xattr_name = security.nfs4acl_xdr + +[xcopy_share] + path = $shrdir + comment = smb username is [%U] + create mask = 777 + force create mode = 777 +[posix_share] + path = $shrdir + comment = smb username is [%U] + create mask = 0777 + force create mode = 0 + directory mask = 0777 + force directory mode = 0 + vfs objects = xattr_tdb streams_depot +[aio] + copy = durable + aio read size = 1 + aio write size = 1 + +[print\$] + copy = tmp + +[vfs_fruit] + path = $shrdir + vfs objects = catia fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = netatalk + fruit:locking = netatalk + fruit:encoding = native + fruit:veto_appledouble = no + +[vfs_fruit_xattr] + path = $shrdir + # This is used by vfs.fruit tests that require real fs xattr + vfs objects = catia fruit streams_xattr acl_xattr + fruit:resource = file + fruit:metadata = netatalk + fruit:locking = netatalk + fruit:encoding = native + fruit:veto_appledouble = no + +[vfs_fruit_metadata_stream] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:veto_appledouble = no + +[vfs_fruit_stream_depot] + path = $shrdir + vfs objects = fruit streams_depot acl_xattr xattr_tdb + fruit:resource = stream + fruit:metadata = stream + fruit:veto_appledouble = no + +[vfs_wo_fruit] + path = $shrdir + vfs objects = streams_xattr acl_xattr xattr_tdb + +[vfs_wo_fruit_stream_depot] + path = $shrdir + vfs objects = streams_depot acl_xattr xattr_tdb + +[vfs_fruit_timemachine] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:time machine = yes + fruit:time machine max size = 32K + +[vfs_fruit_wipe_intentionally_left_blank_rfork] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:wipe_intentionally_left_blank_rfork = true + fruit:delete_empty_adfiles = false + fruit:veto_appledouble = no + +[vfs_fruit_delete_empty_adfiles] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:wipe_intentionally_left_blank_rfork = true + fruit:delete_empty_adfiles = true + fruit:veto_appledouble = no + +[vfs_fruit_zero_fileid] + path = $shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = file + fruit:metadata = stream + fruit:zero_file_id=yes + +[fruit_resource_stream] + path = $fruit_resource_stream_shrdir + vfs objects = fruit streams_xattr acl_xattr xattr_tdb + fruit:resource = stream + fruit:metadata = stream + +[badname-tmp] + path = $badnames_shrdir + guest ok = yes + +[manglenames_share] + path = $manglenames_shrdir + guest ok = yes + +[dynamic_share] + path = $shrdir/dynamic/%t + guest ok = yes + root preexec = mkdir %P + +[widelinks_share] + path = $widelinks_shrdir + wide links = no + guest ok = yes + +[fsrvp_share] + path = $fsrvp_shrdir + comment = fake shapshots using rsync + vfs objects = shell_snap shadow_copy2 + shell_snap:check path command = $fake_snap_pl --check + shell_snap:create command = $fake_snap_pl --create + shell_snap:delete command = $fake_snap_pl --delete + # a relative path here fails, the snapshot dir is no longer found + shadow:snapdir = $fsrvp_shrdir/.snapshots + +[shadow1] + path = $shadow_shrdir + comment = previous versions snapshots under mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + +[shadow2] + path = $shadow_shrdir + comment = previous versions snapshots outside mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:snapdir = $shadow_tstdir/.snapshots + +[shadow3] + path = $shadow_shrdir + comment = previous versions with subvolume snapshots, snapshots under base dir + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + +[shadow4] + path = $shadow_shrdir + comment = previous versions with subvolume snapshots, snapshots outside mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_tstdir/.snapshots + +[shadow5] + path = $shadow_shrdir + comment = previous versions at volume root snapshots under mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_shrdir + +[shadow6] + path = $shadow_shrdir + comment = previous versions at volume root snapshots outside mount point + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_shrdir + shadow:snapdir = $shadow_tstdir/.snapshots + +[shadow7] + path = $shadow_shrdir + comment = previous versions snapshots everywhere + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:snapdirseverywhere = yes + +[shadow8] + path = $shadow_shrdir + comment = previous versions using snapsharepath + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + shadow:snapdir = $shadow_tstdir/.snapshots + shadow:snapsharepath = share + +[shadow_fmt0] + comment = Testing shadow:format with default option + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S + +[shadow_fmt1] + comment = Testing shadow:format with only date component + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:format = \@GMT-%Y-%m-%d + +[shadow_fmt2] + comment = Testing shadow:format with some hardcoded prefix + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:format = snap\@GMT-%Y.%m.%d-%H.%M.%S + +[shadow_fmt3] + comment = Testing shadow:format with modified format + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:format = \@GMT-%Y.%m.%d-%H_%M_%S-snap + +[shadow_fmt4] + comment = Testing shadow:snapprefix regex + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:snapprefix = \^s[a-z]*p\$ + shadow:format = _GMT-%Y.%m.%d-%H.%M.%S + +[shadow_fmt5] + comment = Testing shadow:snapprefix with delim regex + vfs object = shadow_copy2 + path = $shadow_shrdir + read only = no + guest ok = yes + shadow:mountpoint = $shadow_mntdir + shadow:basedir = $shadow_basedir + shadow:snapdir = $shadow_basedir/.snapshots + shadow:delimiter = \@GMT + shadow:snapprefix = [a-z]* + shadow:format = \@GMT-%Y.%m.%d-%H.%M.%S + +[shadow_wl] + path = $shadow_shrdir + comment = previous versions with wide links allowed + vfs objects = shadow_copy2 + shadow:mountpoint = $shadow_mntdir + wide links = yes + +[shadow_write] + path = $shadow_tstdir + comment = previous versions snapshots under mount point + vfs objects = shadow_copy2 streams_xattr error_inject + aio write size = 0 + error_inject:pwrite = EBADF + shadow:mountpoint = $shadow_tstdir + shadow:fixinodes = yes + smbd async dosmode = yes + +[dfq] + path = $shrdir/dfree + vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq + admin users = $unix_name + include = $dfqconffile +[dfq_cache] + path = $shrdir/dfree + vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq + admin users = $unix_name + include = $dfqconffile + dfree cache time = 60 +[dfq_owner] + path = $shrdir/dfree + vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq + inherit owner = yes + include = $dfqconffile +[quotadir] + path = $shrdir/quota + admin users = $unix_name + +[acl_xattr_ign_sysacl_posix] + copy = tmp + acl_xattr:ignore system acls = yes + acl_xattr:default acl style = posix +[acl_xattr_ign_sysacl_windows] + copy = tmp + acl_xattr:ignore system acls = yes + acl_xattr:default acl style = windows + +[mangle_illegal] + copy = tmp + mangled names = illegal + +[nosymlinks] + copy = tmp + path = $nosymlinks_shrdir + follow symlinks = no + +[local_symlinks] + copy = tmp + path = $local_symlinks_shrdir + follow symlinks = yes + +[kernel_oplocks] + copy = tmp + kernel oplocks = yes + vfs objects = streams_xattr xattr_tdb + +[streams_xattr] + copy = tmp + vfs objects = streams_xattr xattr_tdb + +[streams_xattr_nostrict] + copy = tmp + strict rename = no + vfs objects = streams_xattr xattr_tdb + +[acl_streams_xattr] + copy = tmp + vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb + acl_xattr:ignore system acls = yes + acl_xattr:security_acl_name = user.acl + xattr_tdb:ignore_user_xattr = yes + +[compound_find] + copy = tmp + smbd:find async delay usec = 10000 +[error_inject] + copy = tmp + vfs objects = error_inject + include = $errorinjectconf + +[delay_inject] + copy = tmp + vfs objects = delay_inject + kernel share modes = no + kernel oplocks = no + posix locking = no + include = $delayinjectconf + +[aio_delay_inject] + copy = tmp + vfs objects = delay_inject + delay_inject:pread_send = 2000 + delay_inject:pwrite_send = 2000 + +[brl_delay_inject1] + copy = tmp + vfs objects = delay_inject + delay_inject:brl_lock_windows = 90 + delay_inject:brl_lock_windows_use_timer = yes + +[brl_delay_inject2] + copy = tmp + vfs objects = delay_inject + delay_inject:brl_lock_windows = 90 + delay_inject:brl_lock_windows_use_timer = no + +[delete_readonly] + path = $prefix_abs/share + delete readonly = yes + +[enc_desired] + path = $prefix_abs/share + vfs objects = + server smb encrypt = desired + +[enc_off] + path = $prefix_abs/share + vfs objects = + server smb encrypt = off + +[notify_priv] + copy = tmp + honor change notify privilege = yes + +[acls_non_canonical] + copy = tmp + acl flag inherited canonicalization = no + +[full_audit_success_bad_name] + copy = tmp + full_audit:success = badname + +[full_audit_fail_bad_name] + copy = tmp + full_audit:failure = badname + +include = $aliceconfdir/%U.conf + "; + + close(CONF); + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + $cmd .= "UID_WRAPPER_ROOT=1 "; + $cmd .= "SMB_CONF_PATH=\"$conffile\" "; + $cmd .= "$net setlocalsid $samsid"; + + my $net_ret = system($cmd); + if ($net_ret != 0) { + warn("net setlocalsid failed: $net_ret\n$cmd"); + return undef; + } + + unless (open(ERRORCONF, ">$errorinjectconf")) { + warn("Unable to open $errorinjectconf"); + return undef; + } + close(ERRORCONF); + + unless (open(DELAYCONF, ">$delayinjectconf")) { + warn("Unable to open $delayinjectconf"); + return undef; + } + close(DELAYCONF); + + unless (open(DFQCONF, ">$dfqconffile")) { + warn("Unable to open $dfqconffile"); + return undef; + } + close(DFQCONF); + + unless (open(DELAYCONF, ">$globalinjectconf")) { + warn("Unable to open $globalinjectconf"); + return undef; + } + close(DELAYCONF); + + unless (open(ALICECONF, ">$aliceconffile")) { + warn("Unable to open $aliceconffile"); + return undef; + } + + print ALICECONF " +[alice_share] + path = $shrdir + comment = smb username is [%U] + "; + + close(ALICECONF); + + ## + ## create a test account + ## + + unless (open(PASSWD, ">$nss_wrapper_passwd")) { + warn("Unable to open $nss_wrapper_passwd"); + return undef; + } + print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false +$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false +pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false +pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false +userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false +pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false +force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false +smbget_user:x:$uid_smbget:$gid_domusers:smbget_user gecos:$prefix_abs:/bin/false +user1:x:$uid_user1:$gid_nogroup:user1 gecos:$prefix_abs:/bin/false +user2:x:$uid_user2:$gid_nogroup:user2 gecos:$prefix_abs:/bin/false +gooduser:x:$uid_gooduser:$gid_domusers:gooduser gecos:$prefix_abs:/bin/false +eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false +slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false +bob:x:$uid_localbob:$gid_domusers:localbob gecos:/:/bin/false +jane:x:$uid_localjane:$gid_domusers:localjane gecos:/:/bin/false +jackthemapper:x:$uid_localjackthemapper:$gid_domusers:localjackthemaper gecos:/:/bin/false +jacknomapper:x:$uid_localjacknomapper:$gid_domusers:localjacknomaper gecos:/:/bin/false +"; + if ($unix_uid != 0) { + print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false +"; + } + close(PASSWD); + + unless (open(GROUP, ">$nss_wrapper_group")) { + warn("Unable to open $nss_wrapper_group"); + return undef; + } + print GROUP "nobody:x:$gid_nobody: +nogroup:x:$gid_nogroup:nobody +$unix_name-group:x:$unix_gids[0]: +domusers:X:$gid_domusers: +domadmins:X:$gid_domadmins: +userdup:x:$gid_userdup:$unix_name +everyone:x:$gid_everyone: +force_user:x:$gid_force_user: +jackthemappergroup:x:$gid_jackthemapper:jackthemapper +jacknomappergroup:x:$gid_jacknomapper:jacknomapper +"; + if ($unix_gids[0] != 0) { + print GROUP "root:x:$gid_root: +"; + } + + close(GROUP); + + ## hosts + my $hostname = lc($server); + unless (open(HOSTS, ">>$nss_wrapper_hosts")) { + warn("Unable to open $nss_wrapper_hosts"); + return undef; + } + print HOSTS "${server_ip} ${hostname}.${dns_domain} ${hostname}\n"; + print HOSTS "${server_ipv6} ${hostname}.${dns_domain} ${hostname}\n"; + close(HOSTS); + + $resolv_conf = "$privatedir/no_resolv.conf" unless defined($resolv_conf); + + foreach my $evlog (@eventlog_list) { + my $evlogtdb = "$eventlogdir/$evlog.tdb"; + open(EVENTLOG, ">$evlogtdb") or die("Unable to open $evlogtdb"); + close(EVENTLOG); + } + + $createuser_env{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; + $createuser_env{NSS_WRAPPER_GROUP} = $nss_wrapper_group; + $createuser_env{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; + $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com"; + if ($ENV{SAMBA_DNS_FAKING}) { + $createuser_env{RESOLV_WRAPPER_HOSTS} = $dns_host_file; + } else { + $createuser_env{RESOLV_WRAPPER_CONF} = $resolv_conf; + } + $createuser_env{RESOLV_CONF} = $resolv_conf; + + createuser($self, $unix_name, $password, $conffile, \%createuser_env) || die("Unable to create user"); + createuser($self, "force_user", $password, $conffile, \%createuser_env) || die("Unable to create force_user"); + createuser($self, "smbget_user", $password, $conffile, \%createuser_env) || die("Unable to create smbget_user"); + createuser($self, "user1", $password, $conffile, \%createuser_env) || die("Unable to create user1"); + createuser($self, "user2", $password, $conffile, \%createuser_env) || die("Unable to create user2"); + createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser"); + createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser"); + createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser"); + createuser($self, "jackthemapper", "mApsEcrEt", $conffile, \%createuser_env) || die("Unable to create jackthemapper"); + createuser($self, "jacknomapper", "nOmApsEcrEt", $conffile, \%createuser_env) || die("Unable to create jacknomapper"); + + open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list"); + print DNS_UPDATE_LIST "A $server. $server_ip\n"; + print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n"; + close(DNS_UPDATE_LIST); + + print "DONE\n"; + + $ret{SERVER_IP} = $server_ip; + $ret{SERVER_IPV6} = $server_ipv6; + $ret{SAMBA_DCERPCD_TEST_LOG} = "$prefix/samba_dcerpcd_test.log"; + $ret{SAMBA_DCERPCD_LOG_POS} = 0; + $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log"; + $ret{NMBD_TEST_LOG_POS} = 0; + $ret{WINBINDD_TEST_LOG} = "$prefix/winbindd_test.log"; + $ret{WINBINDD_TEST_LOG_POS} = 0; + $ret{SMBD_TEST_LOG} = "$prefix/smbd_test.log"; + $ret{SMBD_TEST_LOG_POS} = 0; + $ret{SERVERCONFFILE} = $conffile; + $ret{TESTENV_DIR} = $prefix_abs; + $ret{CONFIGURATION} ="--configfile=$conffile"; + $ret{LOCK_DIR} = $lockdir; + $ret{SERVER} = $server; + $ret{USERNAME} = $unix_name; + $ret{USERID} = $unix_uid; + $ret{DOMAIN} = $domain; + $ret{SAMSID} = $samsid; + $ret{NETBIOSNAME} = $server; + $ret{PASSWORD} = $password; + $ret{PIDDIR} = $piddir; + $ret{SELFTEST_WINBINDD_SOCKET_DIR} = $wbsockdir; + $ret{NMBD_SOCKET_DIR} = $nmbdsockdir; + $ret{SOCKET_WRAPPER_DEFAULT_IFACE} = $swiface; + $ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; + $ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group; + $ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; + $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com"; + $ret{NSS_WRAPPER_MODULE_SO_PATH} = Samba::nss_wrapper_winbind_so_path($self); + $ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind"; + if ($ENV{SAMBA_DNS_FAKING}) { + $ret{RESOLV_WRAPPER_HOSTS} = $dns_host_file; + } else { + $ret{RESOLV_WRAPPER_CONF} = $resolv_conf; + } + $ret{RESOLV_CONF} = $resolv_conf; + $ret{LOCAL_PATH} = "$shrdir"; + $ret{LOGDIR} = $logdir; + + # + # Avoid hitting system krb5.conf - + # An env that needs Kerberos will reset this to the real + # value. + # + $ret{KRB5_CONFIG} = abs_path($prefix) . "/no_krb5.conf"; + + # Define KRB5CCNAME for each environment we set up + $ret{KRB5_CCACHE} = abs_path($prefix) . "/krb5ccache"; + $ENV{KRB5CCNAME} = $ret{KRB5_CCACHE}; + + return \%ret; +} + +sub wait_for_start($$$$$) +{ + my ($self, $envvars, $nmbd, $winbindd, $smbd, $samba_dcerpcd) = @_; + my $cmd; + my $netcmd; + my $ret; + + if ($samba_dcerpcd eq "yes") { + my $count = 0; + my $rpcclient = Samba::bindir_path($self, "rpcclient"); + + print "checking for samba_dcerpcd\n"; + + do { + $ret = system("$rpcclient $envvars->{CONFIGURATION} ncalrpc: -c epmmap"); + + if ($ret != 0) { + sleep(1); + } + $count++ + } while ($ret != 0 && $count < 10); + + if ($count == 10) { + print "samba_dcerpcd not reachable after 10 retries\n"; + teardown_env($self, $envvars); + return 0; + } + } + + if ($nmbd eq "yes") { + my $count = 0; + + # give time for nbt server to register its names + print "checking for nmbd\n"; + + # This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init + my $nmblookup = Samba::bindir_path($self, "nmblookup"); + + do { + $ret = system("$nmblookup $envvars->{CONFIGURATION} $envvars->{SERVER}"); + if ($ret != 0) { + sleep(1); + } else { + system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__"); + system("$nmblookup $envvars->{CONFIGURATION} __SAMBA__"); + system("$nmblookup $envvars->{CONFIGURATION} -U 10.255.255.255 __SAMBA__"); + system("$nmblookup $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}"); + } + $count++; + } while ($ret != 0 && $count < 10); + if ($count == 10) { + print "NMBD not reachable after 10 retries\n"; + teardown_env($self, $envvars); + return 0; + } + } + + if ($winbindd eq "yes" or $winbindd eq "offline") { + print "checking for winbindd\n"; + my $count = 0; + $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; + $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + if ($winbindd eq "yes") { + $cmd .= Samba::bindir_path($self, "wbinfo") . " --ping-dc"; + } elsif ($winbindd eq "offline") { + $cmd .= Samba::bindir_path($self, "wbinfo") . " --ping"; + } + + do { + $ret = system($cmd); + if ($ret != 0) { + sleep(1); + } + $count++; + } while ($ret != 0 && $count < 20); + if ($count == 20) { + print "WINBINDD not reachable after 20 seconds\n"; + teardown_env($self, $envvars); + return 0; + } + } + + if ($smbd eq "yes") { + # make sure smbd is also up set + print "wait for smbd\n"; + + my $count = 0; + do { + if (defined($envvars->{GNUTLS_FORCE_FIPS_MODE})) { + # We don't have NTLM in FIPS mode, so lets use + # smbcontrol instead of smbclient. + $cmd = Samba::bindir_path($self, "smbcontrol"); + $cmd .= " $envvars->{CONFIGURATION}"; + $cmd .= " smbd ping"; + } else { + # This uses NTLM which is not available in FIPS + $cmd = Samba::bindir_path($self, "smbclient"); + $cmd .= " $envvars->{CONFIGURATION}"; + $cmd .= " -L $envvars->{SERVER}"; + $cmd .= " -U%"; + $cmd .= " -I $envvars->{SERVER_IP}"; + $cmd .= " -p 139"; + } + + $ret = system($cmd); + if ($ret != 0) { + sleep(1); + } + $count++ + } while ($ret != 0 && $count < 20); + if ($count == 20) { + print "SMBD failed to start up in a reasonable time (20sec)\n"; + teardown_env($self, $envvars); + return 0; + } + } + + # Ensure we have domain users mapped. + $netcmd = "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + $netcmd .= "UID_WRAPPER_ROOT='1' "; + $netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} "; + + $cmd = $netcmd . "groupmap delete ntgroup=domusers"; + $ret = system($cmd); + + $cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain"; + $ret = system($cmd); + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return 1; + } + + $cmd = $netcmd . "groupmap delete ntgroup=domadmins"; + $ret = system($cmd); + + $cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain"; + $ret = system($cmd); + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return 1; + } + + $cmd = $netcmd . "groupmap delete ntgroup=everyone"; + $ret = system($cmd); + + $cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin"; + $ret = system($cmd); + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return 1; + } + + # note: creating builtin groups requires winbindd for the + # unix id allocator + my $create_builtin_users = "no"; + if ($winbindd eq "yes") { + $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; + $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545"; + my $wbinfo_out = qx($cmd 2>&1); + if ($? != 0) { + # wbinfo doesn't give us a better error code then + # WBC_ERR_DOMAIN_NOT_FOUND, but at least that's + # different then WBC_ERR_WINBIND_NOT_AVAILABLE + if ($wbinfo_out !~ /WBC_ERR_DOMAIN_NOT_FOUND/) { + print("Failed to run \"wbinfo --sid-to-gid=S-1-5-32-545\": $wbinfo_out"); + teardown_env($self, $envvars); + return 0; + } + $create_builtin_users = "yes"; + } + } + if ($create_builtin_users eq "yes") { + $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; + $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + $cmd .= Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} "; + $cmd .= "sam createbuiltingroup Users"; + $ret = system($cmd); + if ($ret != 0) { + print "Failed to create BUILTIN\\Users group\n"; + teardown_env($self, $envvars); + return 0; + } + + $cmd = Samba::bindir_path($self, "net") . " $envvars->{CONFIGURATION} "; + $cmd .= "cache del IDMAP/SID2XID/S-1-5-32-545"; + system($cmd); + + $cmd = "SELFTEST_WINBINDD_SOCKET_DIR='$envvars->{SELFTEST_WINBINDD_SOCKET_DIR}' "; + $cmd .= "NSS_WRAPPER_PASSWD='$envvars->{NSS_WRAPPER_PASSWD}' "; + $cmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; + $cmd .= Samba::bindir_path($self, "wbinfo") . " --sid-to-gid=S-1-5-32-545"; + $ret = system($cmd); + if ($ret != 0) { + print "Missing \"BUILTIN\\Users\", did net sam createbuiltingroup Users fail?\n"; + teardown_env($self, $envvars); + return 0; + } + } + + print $self->getlog_env($envvars); + + return 1; +} + +## +## provision and start of ctdb +## +sub setup_ctdb($$) +{ + my ($self, $prefix) = @_; + my $num_nodes = 3; + + my $data = $self->provision_ctdb($prefix, $num_nodes); + $data or return undef; + + my $rc = $self->check_or_start_ctdb($data); + if (not $rc) { + print("check_or_start_ctdb() failed\n"); + return undef; + } + + $rc = $self->wait_for_start_ctdb($data); + if (not $rc) { + print "Cluster startup failed\n"; + return undef; + } + + return $data; +} + +sub provision_ctdb($$$$) +{ + my ($self, $prefix, $num_nodes, $no_delete_prefix) = @_; + my $rc; + + print "PROVISIONING CTDB...\n"; + + my $prefix_abs = abs_path($prefix); + + # + # check / create directories: + # + die ("prefix_abs = ''") if $prefix_abs eq ""; + die ("prefix_abs = '/'") if $prefix_abs eq "/"; + + mkdir ($prefix_abs, 0777); + + print "CREATE CTDB TEST ENVIRONMENT in '$prefix_abs'...\n"; + + if (not defined($no_delete_prefix) or not $no_delete_prefix) { + system("rm -rf $prefix_abs/*"); + } + + # + # Per-node data + # + my @nodes = (); + for (my $i = 0; $i < $num_nodes; $i++) { + my %node = (); + my $server_name = "ctdb${i}"; + my $pub_iface = Samba::get_interface($server_name); + my $ip = Samba::get_ipv4_addr($server_name); + + $node{NODE_NUMBER} = "$i"; + $node{SERVER_NAME} = "$server_name"; + $node{SOCKET_WRAPPER_DEFAULT_IFACE} = "$pub_iface"; + $node{IP} = "$ip"; + + push(@nodes, \%node); + } + + # + # nodes + # + my $nodes_file = "$prefix/nodes.in"; + unless (open(NODES, ">$nodes_file")) { + warn("Unable to open nodesfile '$nodes_file'"); + return undef; + } + for (my $i = 0; $i < $num_nodes; $i++) { + my $ip = $nodes[$i]->{IP}; + print NODES "${ip}\n"; + } + close(NODES); + + # + # local_daemons.sh setup + # + # Socket wrapper setup is done by selftest.pl, so don't use + # the CTDB-specific setup + # + my $cmd; + $cmd .= "ctdb/tests/local_daemons.sh " . $prefix_abs . " setup"; + $cmd .= " -n " . $num_nodes; + $cmd .= " -N " . $nodes_file; + # CTDB should not attempt to manage public addresses - + # clients should just connect to CTDB private addresses + $cmd .= " -P " . "/dev/null"; + + my $ret = system($cmd); + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return undef; + } + + # + # Unix domain socket and node directory for each daemon + # + for (my $i = 0; $i < $num_nodes; $i++) { + my ($cmd, $ret, $out); + + my $cmd_prefix = "ctdb/tests/local_daemons.sh ${prefix_abs}"; + + # + # socket + # + + $cmd = "${cmd_prefix} print-socket ${i}"; + + $out = `$cmd`; + $ret = $?; + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return undef; + } + chomp $out; + $nodes[$i]->{SOCKET_FILE} = "$out"; + + # + # node directory + # + + $cmd = "${cmd_prefix} onnode ${i} 'echo \$CTDB_BASE'"; + + $out = `$cmd`; + $ret = $?; + if ($ret != 0) { + print("\"$cmd\" failed\n"); + return undef; + } + chomp $out; + $nodes[$i]->{NODE_PREFIX} = "$out"; + } + + my %ret = (); + + $ret{CTDB_PREFIX} = "$prefix"; + $ret{NUM_NODES} = $num_nodes; + $ret{CTDB_NODES} = \@nodes; + $ret{CTDB_NODES_FILE} = $nodes_file; + + return \%ret; +} + +sub check_or_start_ctdb($$) { + my ($self, $data) = @_; + + my $prefix = $data->{CTDB_PREFIX}; + my $num_nodes = $data->{NUM_NODES}; + my $nodes = $data->{CTDB_NODES}; + my $STDIN_READER; + + # Share a single stdin pipe for all nodes + pipe($STDIN_READER, $data->{CTDB_STDIN_PIPE}); + + for (my $i = 0; $i < $num_nodes; $i++) { + my $node = $nodes->[$i]; + + $node->{STDIN_PIPE} = $data->{CTDB_STDIN_PIPE}; + + my $cmd = "ctdb/tests/local_daemons.sh"; + my @full_cmd = ("$cmd", "$prefix", "start", "$i"); + my $daemon_ctx = { + NAME => "ctdbd", + BINARY_PATH => $cmd, + FULL_CMD => [ @full_cmd ], + TEE_STDOUT => 1, + LOG_FILE => "/dev/null", + ENV_VARS => {}, + }; + + print "STARTING CTDBD (node ${i})\n"; + + # This does magic with $STDIN_READER, so use it + my $ret = Samba::fork_and_exec($self, + $node, + $daemon_ctx, + $STDIN_READER); + + if ($ret == 0) { + print("\"$cmd\" failed\n"); + teardown_env_ctdb($self, $data); + return 0; + } + } + + close($STDIN_READER); + + return 1; +} + +sub wait_for_start_ctdb($$) +{ + my ($self, $data) = @_; + + my $prefix = $data->{CTDB_PREFIX}; + + print "Wait for ctdbd...\n"; + + my $ctdb = Samba::bindir_path($self, "ctdb"); + my $cmd; + $cmd .= "ctdb/tests/local_daemons.sh ${prefix} onnode all"; + $cmd .= " ${ctdb} nodestatus all 2>&1"; + + my $count = 0; + my $wait_seconds = 60; + my $out; + + until ($count > $wait_seconds) { + $out = `$cmd`; + my $ret = $?; + if ($ret == 0) { + print "\ncluster became healthy\n"; + last; + } + print "Waiting for CTDB...\n"; + sleep(1); + $count++; + } + + if ($count > $wait_seconds) { + print "\nGiving up to wait for CTDB...\n"; + print "${out}\n\n"; + print "CTDB log:\n"; + $cmd = "ctdb/tests/local_daemons.sh ${prefix} print-log all >&2"; + system($cmd); + teardown_env_ctdb($self, $data); + return 0; + } + + print "\nCTDB initialized\n"; + + return 1; +} + +1; diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm new file mode 100755 index 0000000..7033146 --- /dev/null +++ b/selftest/target/Samba4.pm @@ -0,0 +1,3662 @@ +#!/usr/bin/perl +# Bootstrap Samba and run a number of tests against it. +# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org> +# Published under the GNU GPL, v3 or later. + +# NOTE: Refer to the README for more details about the various testenvs, +# and tips about adding new testenvs. + +package Samba4; + +use strict; +use warnings; +use Cwd qw(abs_path); +use FindBin qw($RealBin); +use POSIX; +use SocketWrapper; +use target::Samba; +use target::Samba3; +use Archive::Tar; + +sub new($$$$$) { + my ($classname, $SambaCtx, $bindir, $srcdir, $server_maxtime) = @_; + + my $self = { + vars => {}, + SambaCtx => $SambaCtx, + bindir => $bindir, + srcdir => $srcdir, + server_maxtime => $server_maxtime, + target3 => new Samba3($SambaCtx, $bindir, $srcdir, $server_maxtime) + }; + bless $self; + return $self; +} + +sub scriptdir_path($$) { + my ($self, $path) = @_; + return "$self->{srcdir}/source4/scripting/$path"; +} + +sub check_or_start($$$) +{ + my ($self, $env_vars, $process_model) = @_; + my $STDIN_READER; + + my $env_ok = $self->check_env($env_vars); + if ($env_ok) { + return $env_vars->{SAMBA_PID}; + } elsif (defined($env_vars->{SAMBA_PID})) { + warn("SAMBA PID $env_vars->{SAMBA_PID} is not running (died)"); + return undef; + } + + # use a pipe for stdin in the child processes. This allows + # those processes to monitor the pipe for EOF to ensure they + # exit when the test script exits + pipe($STDIN_READER, $env_vars->{STDIN_PIPE}); + + # build up the command to run samba + my @preargs = (); + my @optargs = (); + if (defined($ENV{SAMBA_OPTIONS})) { + @optargs = split(/ /, $ENV{SAMBA_OPTIONS}); + } + if(defined($ENV{SAMBA_VALGRIND})) { + @preargs = split(/ /,$ENV{SAMBA_VALGRIND}); + } + + if (defined($process_model)) { + push @optargs, ("-M", $process_model); + } + my $binary = Samba::bindir_path($self, "samba"); + my @full_cmd = (@preargs, $binary, "-i", + "--no-process-group", "--maximum-runtime=$self->{server_maxtime}", + $env_vars->{CONFIGURATION}, @optargs); + + # the samba process takes some additional env variables (compared to s3) + my $samba_envs = Samba::get_env_for_process("samba", $env_vars); + if (defined($ENV{MITKRB5})) { + $samba_envs->{KRB5_KDC_PROFILE} = $env_vars->{MITKDC_CONFIG}; + } + + # fork a child process and exec() samba + my $daemon_ctx = { + NAME => "samba", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env_vars->{SAMBA_TEST_LOG}, + TEE_STDOUT => 1, + PCAP_FILE => "env-$ENV{ENVNAME}-samba", + ENV_VARS => $samba_envs, + }; + my $pid = Samba::fork_and_exec($self, $env_vars, $daemon_ctx, $STDIN_READER); + + $env_vars->{SAMBA_PID} = $pid; + + # close the parent's read-end of the pipe + close($STDIN_READER); + + if ($self->wait_for_start($env_vars) != 0) { + warn("Samba $pid failed to start up"); + return undef; + } + + return $pid; +} + +sub wait_for_start($$) +{ + my ($self, $testenv_vars) = @_; + my $count = 0; + my $ret = 0; + + if (not $self->check_env($testenv_vars)) { + warn("unable to confirm Samba $testenv_vars->{SAMBA_PID} is running"); + return -1; + } + + # This will return quickly when things are up, but be slow if we + # need to wait for (eg) SSL init + my $nmblookup = Samba::bindir_path($self, "nmblookup4"); + + do { + $ret = system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}"); + if ($ret != 0) { + sleep(1); + } else { + system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{SERVER}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{SERVER}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} $testenv_vars->{NETBIOSNAME}"); + system("$nmblookup $testenv_vars->{CONFIGURATION} -U $testenv_vars->{SERVER_IP} $testenv_vars->{NETBIOSNAME}"); + } + $count++; + } while ($ret != 0 && $count < 20); + if ($count == 20) { + teardown_env($self, $testenv_vars); + warn("nbt not reachable after 20 retries\n"); + return -1; + } + + # Ensure we have the first RID Set before we start tests. This makes the tests more reliable. + if ($testenv_vars->{SERVER_ROLE} eq "domain controller") { + print "waiting for working LDAP and a RID Set to be allocated\n"; + my $ldbsearch = Samba::bindir_path($self, "ldbsearch"); + my $count = 0; + my $base_dn = "DC=".join(",DC=", split(/\./, $testenv_vars->{REALM})); + + my $search_dn = $base_dn; + if ($testenv_vars->{NETBIOSNAME} ne "RODC") { + # TODO currently no check for actual rIDAllocationPool + $search_dn = "cn=RID Set,cn=$testenv_vars->{NETBIOSNAME},ou=domain controllers,$base_dn"; + } + my $max_wait = 60; + + # Add hosts file for name lookups + my $cmd = $self->get_cmd_env_vars($testenv_vars); + + $cmd .= "$ldbsearch "; + $cmd .= "$testenv_vars->{CONFIGURATION} "; + $cmd .= "-H ldap://$testenv_vars->{SERVER} "; + $cmd .= "-U$testenv_vars->{USERNAME}%$testenv_vars->{PASSWORD} "; + $cmd .= "--scope base "; + $cmd .= "-b '$search_dn' "; + while (system("$cmd >/dev/null") != 0) { + $count++; + if ($count > $max_wait) { + teardown_env($self, $testenv_vars); + warn("Timed out ($max_wait sec) waiting for working LDAP and a RID Set to be allocated by $testenv_vars->{NETBIOSNAME} PID $testenv_vars->{SAMBA_PID}"); + return -1; + } + print "Waiting for working LDAP...\n"; + sleep(1); + } + } + + my $wbinfo = Samba::bindir_path($self, "wbinfo"); + + $count = 0; + do { + my $cmd = "NSS_WRAPPER_PASSWD=$testenv_vars->{NSS_WRAPPER_PASSWD} "; + $cmd .= "NSS_WRAPPER_GROUP=$testenv_vars->{NSS_WRAPPER_GROUP} "; + $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=$testenv_vars->{SELFTEST_WINBINDD_SOCKET_DIR} "; + $cmd .= "$wbinfo -P"; + $ret = system($cmd); + + if ($ret != 0) { + sleep(1); + } + $count++; + } while ($ret != 0 && $count < 20); + if ($count == 20) { + teardown_env($self, $testenv_vars); + warn("winbind not reachable after 20 retries\n"); + return -1; + } + + # Ensure we registered all our names + if ($testenv_vars->{SERVER_ROLE} eq "domain controller") { + my $max_wait = 120; + my $dns_update_cache = "$testenv_vars->{PRIVATEDIR}/dns_update_cache"; + print "Waiting for $dns_update_cache to be created.\n"; + $count = 0; + while (not -e $dns_update_cache) { + $count++; + if ($count > $max_wait) { + teardown_env($self, $testenv_vars); + warn("Timed out ($max_wait sec) waiting for $dns_update_cache PID $testenv_vars->{SAMBA_PID}"); + return -1; + } + print "Waiting for $dns_update_cache to be created...\n"; + sleep(1); + } + print "Waiting for $dns_update_cache to be filled.\n"; + $count = 0; + while ((-s "$dns_update_cache") == 0) { + $count++; + if ($count > $max_wait) { + teardown_env($self, $testenv_vars); + warn("Timed out ($max_wait sec) waiting for $dns_update_cache PID $testenv_vars->{SAMBA_PID}"); + return -1; + } + print "Waiting for $dns_update_cache to be filled...\n"; + sleep(1); + } + } + + print $self->getlog_env($testenv_vars); + + print "READY ($testenv_vars->{SAMBA_PID})\n"; + + return 0 +} + +sub write_ldb_file($$$) +{ + my ($self, $file, $ldif_in) = @_; + + my $ldbadd = Samba::bindir_path($self, "ldbadd"); + open(my $ldif, "|$ldbadd -H $file > /dev/null") + or die "Failed to run $ldbadd: $!"; + print $ldif $ldif_in; + close($ldif); + + unless ($? == 0) { + warn("$ldbadd failed: $?"); + return undef; + } + return 1; +} + +sub add_wins_config($$) +{ + my ($self, $privatedir) = @_; + my $client_ip = Samba::get_ipv4_addr("client"); + + return $self->write_ldb_file("$privatedir/wins_config.ldb", " +dn: name=TORTURE_11,CN=PARTNERS +objectClass: wreplPartner +name: TORTURE_11 +address: $client_ip +pullInterval: 0 +pushChangeCount: 0 +type: 0x3 +"); +} + +sub setup_dns_hub_internal($$$) +{ + my ($self, $hostname, $prefix) = @_; + my $STDIN_READER; + + unless(-d $prefix or mkdir($prefix, 0777)) { + warn("Unable to create $prefix"); + return undef; + } + my $prefix_abs = abs_path($prefix); + + die ("prefix=''") if $prefix_abs eq ""; + die ("prefix='/'") if $prefix_abs eq "/"; + + unless (system("rm -rf $prefix_abs/*") == 0) { + warn("Unable to clean up"); + } + + my $env = undef; + $env->{NETBIOSNAME} = $hostname; + + $env->{SERVER_IP} = Samba::get_ipv4_addr($hostname); + $env->{SERVER_IPV6} = Samba::get_ipv6_addr($hostname); + $env->{SOCKET_WRAPPER_DEFAULT_IFACE} = Samba::get_interface($hostname); + $env->{DNS_HUB_LOG} = "$prefix_abs/dns_hub.log"; + $env->{RESOLV_CONF} = "$prefix_abs/resolv.conf"; + $env->{TESTENV_DIR} = $prefix_abs; + + my $ctx = undef; + $ctx->{resolv_conf} = $env->{RESOLV_CONF}; + $ctx->{dns_ipv4} = $env->{SERVER_IP}; + $ctx->{dns_ipv6} = $env->{SERVER_IPV6}; + Samba::mk_resolv_conf($ctx); + + my @preargs = (); + my @args = (); + if (!defined($ENV{PYTHON})) { + push (@preargs, "env"); + push (@preargs, "python"); + } else { + push (@preargs, $ENV{PYTHON}); + } + my $binary = "$self->{srcdir}/selftest/target/dns_hub.py"; + push (@args, "$self->{server_maxtime}"); + push (@args, "$env->{SERVER_IP},$env->{SERVER_IPV6}"); + push (@args, Samba::realm_to_ip_mappings()); + my @full_cmd = (@preargs, $binary, @args); + + my $daemon_ctx = { + NAME => "dnshub", + BINARY_PATH => $binary, + FULL_CMD => [ @full_cmd ], + LOG_FILE => $env->{DNS_HUB_LOG}, + TEE_STDOUT => 1, + PCAP_FILE => "env-$ENV{ENVNAME}-dns_hub", + ENV_VARS => {}, + }; + + # use a pipe for stdin in the child processes. This allows + # those processes to monitor the pipe for EOF to ensure they + # exit when the test script exits + pipe($STDIN_READER, $env->{STDIN_PIPE}); + + my $pid = Samba::fork_and_exec($self, $env, $daemon_ctx, $STDIN_READER); + + $env->{SAMBA_PID} = $pid; + $env->{KRB5_CONFIG} = "$prefix_abs/no_krb5.conf"; + + # close the parent's read-end of the pipe + close($STDIN_READER); + + return $env; +} + +sub setup_dns_hub +{ + my ($self, $prefix) = @_; + + my $hostname = "rootdnsforwarder"; + + unless(-d $prefix or mkdir($prefix, 0777)) { + warn("Unable to create $prefix"); + return undef; + } + my $env = $self->setup_dns_hub_internal("$hostname", "$prefix/$hostname"); + + $self->{dns_hub_env} = $env; + + return $env; +} + +sub get_dns_hub_env($) +{ + my ($self, $prefix) = @_; + + if (defined($self->{dns_hub_env})) { + return $self->{dns_hub_env}; + } + + die("get_dns_hub_env() not setup 'dns_hub_env'"); + return undef; +} + +sub return_env_value +{ + my ($env, $overwrite, $key) = @_; + + if (defined($overwrite) and defined($overwrite->{$key})) { + return $overwrite->{$key}; + } + + if (defined($env->{$key})) { + return $env->{$key}; + } + + return undef; +} + +# Returns the environmental variables that we pass to samba-tool commands +sub get_cmd_env_vars +{ + my ($self, $givenenv, $overwrite) = @_; + + my @keys = ( + "NSS_WRAPPER_HOSTS", + "SOCKET_WRAPPER_DEFAULT_IFACE", + "RESOLV_CONF", + "RESOLV_WRAPPER_CONF", + "RESOLV_WRAPPER_HOSTS", + "GNUTLS_FORCE_FIPS_MODE", + "OPENSSL_FORCE_FIPS_MODE", + "KRB5_CONFIG", + "KRB5_CCACHE", + "GNUPGHOME", + ); + + my $localenv = undef; + foreach my $key (@keys) { + my $v = return_env_value($givenenv, $overwrite, $key); + $localenv->{$key} = $v if defined($v); + } + + my $cmd_env = "NSS_WRAPPER_HOSTS='$localenv->{NSS_WRAPPER_HOSTS}' "; + $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + if (defined($localenv->{RESOLV_WRAPPER_CONF})) { + $cmd_env .= "RESOLV_WRAPPER_CONF=\"$localenv->{RESOLV_WRAPPER_CONF}\" "; + } else { + $cmd_env .= "RESOLV_WRAPPER_HOSTS=\"$localenv->{RESOLV_WRAPPER_HOSTS}\" "; + } + if (defined($localenv->{GNUTLS_FORCE_FIPS_MODE})) { + $cmd_env .= "GNUTLS_FORCE_FIPS_MODE=$localenv->{GNUTLS_FORCE_FIPS_MODE} "; + } + if (defined($localenv->{OPENSSL_FORCE_FIPS_MODE})) { + $cmd_env .= "OPENSSL_FORCE_FIPS_MODE=$localenv->{OPENSSL_FORCE_FIPS_MODE} "; + } + $cmd_env .= "KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" "; + $cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" "; + $cmd_env .= "RESOLV_CONF=\"$localenv->{RESOLV_CONF}\" "; + $cmd_env .= "GNUPGHOME=\"$localenv->{GNUPGHOME}\" "; + + return $cmd_env; +} + +# Sets up a forest trust namespace. +# (Note this is different to kernel namespaces, setup by the +# USE_NAMESPACES=1 option) +sub setup_namespaces +{ + my ($self, $localenv, $upn_array, $spn_array) = @_; + + @{$upn_array} = [] unless defined($upn_array); + my $upn_args = ""; + foreach my $upn (@{$upn_array}) { + $upn_args .= " --add-upn-suffix=$upn"; + } + + @{$spn_array} = [] unless defined($spn_array); + my $spn_args = ""; + foreach my $spn (@{$spn_array}) { + $spn_args .= " --add-spn-suffix=$spn"; + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + + my $cmd_env = $self->get_cmd_env_vars($localenv); + + my $cmd_config = " $localenv->{CONFIGURATION}"; + + my $namespaces = $cmd_env; + $namespaces .= " $samba_tool domain trust namespaces $upn_args $spn_args"; + $namespaces .= $cmd_config; + unless (system($namespaces) == 0) { + warn("Failed to add namespaces \n$namespaces"); + return -1; + } + + return 0; +} + +sub setup_trust($$$$$) +{ + my ($self, $localenv, $remoteenv, $type, $extra_args) = @_; + + $localenv->{TRUST_SERVER} = $remoteenv->{SERVER}; + $localenv->{TRUST_SERVER_IP} = $remoteenv->{SERVER_IP}; + $localenv->{TRUST_DNSNAME} = $remoteenv->{DNSNAME}; + + $localenv->{TRUST_USERNAME} = $remoteenv->{USERNAME}; + $localenv->{TRUST_PASSWORD} = $remoteenv->{PASSWORD}; + $localenv->{TRUST_DOMAIN} = $remoteenv->{DOMAIN}; + $localenv->{TRUST_REALM} = $remoteenv->{REALM}; + $localenv->{TRUST_DOMSID} = $remoteenv->{DOMSID}; + + # Add trusted domain realms to krb5.conf + Samba::append_krb5_conf_trust_realms($localenv); + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + + # setup the trust + my $cmd_env = $self->get_cmd_env_vars($localenv); + + my $cmd_config = " $localenv->{CONFIGURATION}"; + my $cmd_creds = $cmd_config; + $cmd_creds .= " -U$localenv->{TRUST_DOMAIN}\\\\$localenv->{TRUST_USERNAME}\%$localenv->{TRUST_PASSWORD}"; + + my $create = $cmd_env; + $create .= " $samba_tool domain trust create --type=${type} $localenv->{TRUST_REALM}"; + $create .= " $extra_args"; + $create .= $cmd_creds; + unless (system($create) == 0) { + warn("Failed to create trust \n$create"); + return undef; + } + + my $groupname = "g_$localenv->{TRUST_DOMAIN}"; + my $groupadd = $cmd_env; + $groupadd .= " $samba_tool group add '$groupname' --group-scope=Domain $cmd_config"; + unless (system($groupadd) == 0) { + warn("Failed to create group \n$groupadd"); + return undef; + } + my $groupmem = $cmd_env; + $groupmem .= " $samba_tool group addmembers '$groupname' '$localenv->{TRUST_DOMSID}-513' $cmd_config"; + unless (system($groupmem) == 0) { + warn("Failed to add group member \n$groupmem"); + return undef; + } + + return $localenv +} + +sub provision_raw_prepare($$$$$$$$$$$$$$) +{ + my ($self, + $prefix, + $server_role, + $hostname, + $domain, + $realm, + $samsid, + $functional_level, + $password, + $kdc_ipv4, + $kdc_ipv6, + $force_fips_mode, + $extra_provision_options) = @_; + my $ctx; + my $python_cmd = ""; + if (defined $ENV{PYTHON}) { + $python_cmd = $ENV{PYTHON} . " "; + } + $ctx->{python} = $python_cmd; + my $netbiosname = uc($hostname); + + unless(-d $prefix or mkdir($prefix, 0777)) { + warn("Unable to create $prefix"); + return undef; + } + my $prefix_abs = abs_path($prefix); + + die ("prefix=''") if $prefix_abs eq ""; + die ("prefix='/'") if $prefix_abs eq "/"; + + unless (system("rm -rf $prefix_abs/*") == 0) { + warn("Unable to clean up"); + } + + + my $swiface = Samba::get_interface($hostname); + + $ctx->{prefix} = $prefix; + $ctx->{prefix_abs} = $prefix_abs; + + $ctx->{server_role} = $server_role; + $ctx->{hostname} = $hostname; + $ctx->{netbiosname} = $netbiosname; + $ctx->{swiface} = $swiface; + $ctx->{password} = $password; + $ctx->{kdc_ipv4} = $kdc_ipv4; + $ctx->{kdc_ipv6} = $kdc_ipv6; + $ctx->{force_fips_mode} = $force_fips_mode; + $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; + if ($functional_level eq "2000") { + $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"; + } + +# +# Set smbd log level here. +# + $ctx->{server_loglevel} =$ENV{SERVER_LOG_LEVEL} || 1; + $ctx->{username} = "Administrator"; + $ctx->{domain} = $domain; + $ctx->{realm} = uc($realm); + $ctx->{dnsname} = lc($realm); + $ctx->{samsid} = $samsid; + + $ctx->{functional_level} = $functional_level; + + my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `whoami`); + chomp $unix_name; + $ctx->{unix_name} = $unix_name; + $ctx->{unix_uid} = $>; + my @mygid = split(" ", $(); + $ctx->{unix_gid} = $mygid[0]; + $ctx->{unix_gids_str} = $); + @{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str}); + + $ctx->{etcdir} = "$prefix_abs/etc"; + $ctx->{piddir} = "$prefix_abs/pid"; + $ctx->{smb_conf} = "$ctx->{etcdir}/smb.conf"; + $ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf"; + $ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache"; + $ctx->{mitkdc_conf} = "$ctx->{etcdir}/mitkdc.conf"; + $ctx->{gnupghome} = "$prefix_abs/gnupg"; + $ctx->{privatedir} = "$prefix_abs/private"; + $ctx->{binddnsdir} = "$prefix_abs/bind-dns"; + $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc"; + $ctx->{lockdir} = "$prefix_abs/lockdir"; + $ctx->{logdir} = "$prefix_abs/logs"; + $ctx->{statedir} = "$prefix_abs/statedir"; + $ctx->{cachedir} = "$prefix_abs/cachedir"; + $ctx->{winbindd_socket_dir} = "$prefix_abs/wbsock"; + $ctx->{ntp_signd_socket_dir} = "$prefix_abs/ntp_signd_socket"; + $ctx->{nsswrap_passwd} = "$ctx->{etcdir}/passwd"; + $ctx->{nsswrap_group} = "$ctx->{etcdir}/group"; + $ctx->{nsswrap_hosts} = "$ENV{SELFTEST_PREFIX}/hosts"; + $ctx->{nsswrap_hostname} = "$ctx->{hostname}.$ctx->{dnsname}"; + if ($ENV{SAMBA_DNS_FAKING}) { + $ctx->{dns_host_file} = "$ENV{SELFTEST_PREFIX}/dns_host_file"; + $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --configfile=$ctx->{smb_conf} --all-interfaces --use-file=$ctx->{dns_host_file}"; + $ctx->{samba_dnsupdate} = $python_cmd . $ctx->{samba_dnsupdate}; + } else { + $ctx->{samba_dnsupdate} = "$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --configfile=$ctx->{smb_conf} --all-interfaces"; + $ctx->{samba_dnsupdate} = $python_cmd . $ctx->{samba_dnsupdate}; + $ctx->{use_resolv_wrapper} = 1; + } + + my $dns_hub = $self->get_dns_hub_env(); + $ctx->{resolv_conf} = $dns_hub->{RESOLV_CONF}; + + $ctx->{tlsdir} = "$ctx->{privatedir}/tls"; + + $ctx->{ipv4} = Samba::get_ipv4_addr($hostname); + $ctx->{ipv6} = Samba::get_ipv6_addr($hostname); + + push(@{$ctx->{directories}}, $ctx->{privatedir}); + push(@{$ctx->{directories}}, $ctx->{binddnsdir}); + push(@{$ctx->{directories}}, $ctx->{etcdir}); + push(@{$ctx->{directories}}, $ctx->{piddir}); + push(@{$ctx->{directories}}, $ctx->{lockdir}); + push(@{$ctx->{directories}}, $ctx->{logdir}); + push(@{$ctx->{directories}}, $ctx->{statedir}); + push(@{$ctx->{directories}}, $ctx->{cachedir}); + + $ctx->{smb_conf_extra_options} = ""; + + my @provision_options = (); + push (@provision_options, "GNUPGHOME=\"$ctx->{gnupghome}\""); + push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_conf}\""); + push (@provision_options, "KRB5CCNAME=\"$ctx->{krb5_ccache}\""); + push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\""); + push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\""); + push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\""); + push (@provision_options, "NSS_WRAPPER_HOSTNAME=\"$ctx->{nsswrap_hostname}\""); + if (defined($ctx->{use_resolv_wrapper})) { + push (@provision_options, "RESOLV_WRAPPER_CONF=\"$ctx->{resolv_conf}\""); + push (@provision_options, "RESOLV_CONF=\"$ctx->{resolv_conf}\""); + } else { + push (@provision_options, "RESOLV_WRAPPER_HOSTS=\"$ctx->{dns_host_file}\""); + } + if (defined($ctx->{force_fips_mode})) { + push (@provision_options, "GNUTLS_FORCE_FIPS_MODE=1"); + push (@provision_options, "OPENSSL_FORCE_FIPS_MODE=1"); + } + + if (defined($ENV{GDB_PROVISION})) { + push (@provision_options, "gdb --args"); + if (!defined($ENV{PYTHON})) { + push (@provision_options, "env"); + push (@provision_options, "python"); + } + } + if (defined($ENV{VALGRIND_PROVISION})) { + push (@provision_options, "valgrind"); + if (!defined($ENV{PYTHON})) { + push (@provision_options, "env"); + push (@provision_options, "python"); + } + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + + push (@provision_options, $samba_tool); + push (@provision_options, "domain"); + push (@provision_options, "provision"); + push (@provision_options, "--configfile=$ctx->{smb_conf}"); + push (@provision_options, "--host-name=$ctx->{hostname}"); + push (@provision_options, "--host-ip=$ctx->{ipv4}"); + push (@provision_options, "--quiet"); + push (@provision_options, "--domain=$ctx->{domain}"); + push (@provision_options, "--realm=$ctx->{realm}"); + if (defined($ctx->{samsid})) { + push (@provision_options, "--domain-sid=$ctx->{samsid}"); + } + push (@provision_options, "--adminpass=$ctx->{password}"); + push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}"); + push (@provision_options, "--machinepass=machine$ctx->{password}"); + push (@provision_options, "--root=$ctx->{unix_name}"); + push (@provision_options, "--server-role=\"$ctx->{server_role}\""); + push (@provision_options, "--function-level=\"$ctx->{functional_level}\""); + + @{$ctx->{provision_options}} = @provision_options; + + if (defined($extra_provision_options)) { + push (@{$ctx->{provision_options}}, @{$extra_provision_options}); + } + + return $ctx; +} + +sub has_option +{ + my ($self, $keyword, @options_list) = @_; + + # convert the options-list to a hash-map for easy keyword lookup + my %options_dict = map { $_ => 1 } @options_list; + + return exists $options_dict{$keyword}; +} + +# +# Step1 creates the basic configuration +# +sub provision_raw_step1($$) +{ + my ($self, $ctx) = @_; + + mkdir($_, 0777) foreach (@{$ctx->{directories}}); + + ## + ## lockdir and piddir must be 0755 + ## + chmod 0755, $ctx->{lockdir}; + chmod 0755, $ctx->{piddir}; + + unless (open(CONFFILE, ">$ctx->{smb_conf}")) { + warn("can't open $ctx->{smb_conf}$?"); + return undef; + } + + Samba::copy_gnupg_home($ctx); + Samba::prepare_keyblobs($ctx); + my $crlfile = "$ctx->{tlsdir}/crl.pem"; + $crlfile = "" unless -e ${crlfile}; + + # work out which file server to use. Default to source3 smbd (s3fs), + # unless the source4 NTVFS (smb) file server has been specified + my $services = "-smb +s3fs"; + if ($self->has_option("--use-ntvfs", @{$ctx->{provision_options}})) { + $services = "+smb -s3fs"; + } + + my $interfaces = Samba::get_interfaces_config($ctx->{netbiosname}); + + print CONFFILE " +[global] + netbios name = $ctx->{netbiosname} + posix:eadb = $ctx->{statedir}/eadb.tdb + workgroup = $ctx->{domain} + realm = $ctx->{realm} + private dir = $ctx->{privatedir} + binddns dir = $ctx->{binddnsdir} + pid directory = $ctx->{piddir} + ncalrpc dir = $ctx->{ncalrpcdir} + lock dir = $ctx->{lockdir} + state directory = $ctx->{statedir} + cache directory = $ctx->{cachedir} + winbindd socket directory = $ctx->{winbindd_socket_dir} + ntp signd socket directory = $ctx->{ntp_signd_socket_dir} + winbind separator = / + interfaces = $interfaces + tls dh params file = $ctx->{tlsdir}/dhparms.pem + tls crlfile = ${crlfile} + tls verify peer = no_check + panic action = $RealBin/gdb_backtrace \%d + smbd:suicide mode = yes + smbd:FSCTL_SMBTORTURE = yes + smbd:validate_oplock_types = yes + wins support = yes + server role = $ctx->{server_role} + server services = +echo $services + dcerpc endpoint servers = +winreg +srvsvc +rpcecho + notify:inotify = false + ldb:nosync = true + ldap server require strong auth = yes + log file = $ctx->{logdir}/log.\%m + log level = $ctx->{server_loglevel} + lanman auth = Yes + ntlm auth = Yes + client min protocol = SMB2_02 + server min protocol = SMB2_02 + mangled names = yes + dns update command = $ctx->{samba_dnsupdate} + spn update command = $ctx->{python} $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate --configfile $ctx->{smb_conf} + gpo update command = $ctx->{python} $ENV{SRCDIR_ABS}/source4/scripting/bin/samba-gpupdate --configfile $ctx->{smb_conf} --target=Computer + samba kcc command = $ctx->{python} $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_kcc + dreplsrv:periodic_startup_interval = 0 + dsdb:schema update allowed = yes + + vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot + + idmap_ldb:use rfc2307=yes + winbind enum users = yes + winbind enum groups = yes + + rpc server port:netlogon = 1026 + include system krb5 conf = no + +"; + + print CONFFILE " + + # Begin extra options + $ctx->{smb_conf_extra_options} + # End extra options +"; + close(CONFFILE); + + #Default the KDC IP to the server's IP + if (not defined($ctx->{kdc_ipv4})) { + $ctx->{kdc_ipv4} = $ctx->{ipv4}; + } + if (not defined($ctx->{kdc_ipv6})) { + $ctx->{kdc_ipv6} = $ctx->{ipv6}; + } + + Samba::mk_krb5_conf($ctx); + Samba::mk_mitkdc_conf($ctx, abs_path(Samba::bindir_path($self, "shared"))); + + open(PWD, ">$ctx->{nsswrap_passwd}"); + if ($ctx->{unix_uid} != 0) { + print PWD "root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false\n"; + } + print PWD "$ctx->{unix_name}:x:$ctx->{unix_uid}:65531:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false\n"; + print PWD "nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false +pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false +pdbtest2:x:65532:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false +pdbtest3:x:65531:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false +pdbtest4:x:65530:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false +"; + close(PWD); + my $uid_rfc2307test = 65533; + + open(GRP, ">$ctx->{nsswrap_group}"); + if ($ctx->{unix_gid} != 0) { + print GRP "root:x:0:\n"; + } + print GRP "$ctx->{unix_name}:x:$ctx->{unix_gid}:\n"; + print GRP "wheel:x:10: +users:x:65531: +nobody:x:65533: +nogroup:x:65534:nobody +"; + close(GRP); + my $gid_rfc2307test = 65532; + + my $hostname = lc($ctx->{hostname}); + open(HOSTS, ">>$ctx->{nsswrap_hosts}"); + if ($hostname eq "localdc") { + print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n"; + print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n"; + } else { + print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n"; + print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n"; + } + close(HOSTS); + + my $configuration = "--configfile=$ctx->{smb_conf}"; + +#Ensure the config file is valid before we start + my $testparm = Samba::bindir_path($self, "samba-tool") . " testparm"; + if (system("$testparm $configuration -v --suppress-prompt >/dev/null 2>&1") != 0) { + system("$testparm -v --suppress-prompt $configuration >&2"); + warn("Failed to create a valid smb.conf configuration $testparm!"); + return undef; + } + unless (system("($testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global 2> /dev/null | grep -i \"^$ctx->{netbiosname}\" ) >/dev/null 2>&1") == 0) { + warn("Failed to create a valid smb.conf configuration! $testparm $configuration -v --suppress-prompt --parameter-name=\"netbios name\" --section-name=global"); + return undef; + } + + # Return the environment variables for the new testenv DC. + # Note that we have SERVER_X and DC_SERVER_X variables (which have the same + # value initially). In a 2 DC setup, $DC_SERVER_X will always be the PDC. + my $ret = { + GNUPGHOME => $ctx->{gnupghome}, + KRB5_CONFIG => $ctx->{krb5_conf}, + KRB5_CCACHE => $ctx->{krb5_ccache}, + MITKDC_CONFIG => $ctx->{mitkdc_conf}, + PIDDIR => $ctx->{piddir}, + SERVER => $ctx->{hostname}, + DC_SERVER => $ctx->{hostname}, + SERVER_IP => $ctx->{ipv4}, + DC_SERVER_IP => $ctx->{ipv4}, + SERVER_IPV6 => $ctx->{ipv6}, + DC_SERVER_IPV6 => $ctx->{ipv6}, + NETBIOSNAME => $ctx->{netbiosname}, + DC_NETBIOSNAME => $ctx->{netbiosname}, + DOMAIN => $ctx->{domain}, + USERNAME => $ctx->{username}, + DC_USERNAME => $ctx->{username}, + REALM => $ctx->{realm}, + DNSNAME => $ctx->{dnsname}, + SAMSID => $ctx->{samsid}, + PASSWORD => $ctx->{password}, + DC_PASSWORD => $ctx->{password}, + LDAPDIR => $ctx->{ldapdir}, + LDAP_INSTANCE => $ctx->{ldap_instance}, + SELFTEST_WINBINDD_SOCKET_DIR => $ctx->{winbindd_socket_dir}, + NCALRPCDIR => $ctx->{ncalrpcdir}, + LOCKDIR => $ctx->{lockdir}, + STATEDIR => $ctx->{statedir}, + CACHEDIR => $ctx->{cachedir}, + PRIVATEDIR => $ctx->{privatedir}, + BINDDNSDIR => $ctx->{binddnsdir}, + SERVERCONFFILE => $ctx->{smb_conf}, + TESTENV_DIR => $ctx->{prefix_abs}, + CONFIGURATION => $configuration, + SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface}, + NSS_WRAPPER_PASSWD => $ctx->{nsswrap_passwd}, + NSS_WRAPPER_GROUP => $ctx->{nsswrap_group}, + NSS_WRAPPER_HOSTS => $ctx->{nsswrap_hosts}, + NSS_WRAPPER_HOSTNAME => $ctx->{nsswrap_hostname}, + SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo", + SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log", + SAMBA_TEST_LOG_POS => 0, + NSS_WRAPPER_MODULE_SO_PATH => Samba::nss_wrapper_winbind_so_path($self), + NSS_WRAPPER_MODULE_FN_PREFIX => "winbind", + LOCAL_PATH => $ctx->{share}, + UID_RFC2307TEST => $uid_rfc2307test, + GID_RFC2307TEST => $gid_rfc2307test, + SERVER_ROLE => $ctx->{server_role}, + RESOLV_CONF => $ctx->{resolv_conf}, + }; + + if (defined($ctx->{use_resolv_wrapper})) { + $ret->{RESOLV_WRAPPER_CONF} = $ctx->{resolv_conf}; + } else { + $ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file}; + } + if (defined($ctx->{force_fips_mode})) { + $ret->{GNUTLS_FORCE_FIPS_MODE} = "1", + $ret->{OPENSSL_FORCE_FIPS_MODE} = "1", + } + + if ($ctx->{server_role} eq "domain controller") { + $ret->{DOMSID} = $ret->{SAMSID}; + } + + return $ret; +} + +# +# Step2 runs the provision script +# +sub provision_raw_step2($$$) +{ + my ($self, $ctx, $ret) = @_; + + my $ldif; + + my $provision_cmd = join(" ", @{$ctx->{provision_options}}); + unless (system($provision_cmd) == 0) { + warn("Unable to provision: \n$provision_cmd\n"); + return undef; + } + + my $cmd_env = $self->get_cmd_env_vars($ret); + + my $testallowed_account = "testallowed"; + my $samba_tool_cmd = ${cmd_env}; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " user create --configfile=$ctx->{smb_conf} $testallowed_account $ctx->{password}"; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to add testallowed user: \n$samba_tool_cmd\n"); + return undef; + } + + my $srv_account = "srv_account"; + $samba_tool_cmd = ${cmd_env}; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " user create --configfile=$ctx->{smb_conf} $srv_account $ctx->{password}"; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to add $srv_account user: \n$samba_tool_cmd\n"); + return undef; + } + + $samba_tool_cmd = ${cmd_env}; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " spn add HOST/$srv_account --configfile=$ctx->{smb_conf} $srv_account"; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to add spn for $srv_account: \n$samba_tool_cmd\n"); + return undef; + } + + my $ldbmodify = ${cmd_env}; + $ldbmodify .= Samba::bindir_path($self, "ldbmodify"); + $ldbmodify .= " --configfile=$ctx->{smb_conf}"; + my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm})); + + if ($ctx->{server_role} ne "domain controller") { + $base_dn = "DC=$ctx->{netbiosname}"; + } + + my $user_dn = "cn=$testallowed_account,cn=users,$base_dn"; + $testallowed_account = "testallowed account"; + open($ldif, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb") + or die "Failed to run $ldbmodify: $!"; + print $ldif "dn: $user_dn +changetype: modify +replace: samAccountName +samAccountName: $testallowed_account +- +"; + close($ldif); + unless ($? == 0) { + warn("$ldbmodify failed: $?"); + return undef; + } + + open($ldif, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb") + or die "Failed to run $ldbmodify: $!"; + print $ldif "dn: $user_dn +changetype: modify +replace: userPrincipalName +userPrincipalName: testallowed upn\@$ctx->{realm} +replace: servicePrincipalName +servicePrincipalName: host/testallowed +- +"; + close($ldif); + unless ($? == 0) { + warn("$ldbmodify failed: $?"); + return undef; + } + + $samba_tool_cmd = ${cmd_env}; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " user create --configfile=$ctx->{smb_conf} testdenied $ctx->{password}"; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to add testdenied user: \n$samba_tool_cmd\n"); + return undef; + } + + $user_dn = "cn=testdenied,cn=users,$base_dn"; + open($ldif, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb") + or die "Failed to run $ldbmodify: $!"; + print $ldif "dn: $user_dn +changetype: modify +replace: userPrincipalName +userPrincipalName: testdenied_upn\@$ctx->{realm}.upn +- +"; + close($ldif); + unless ($? == 0) { + warn("$ldbmodify failed: $?"); + return undef; + } + + $samba_tool_cmd = ${cmd_env}; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " user create --configfile=$ctx->{smb_conf} testupnspn $ctx->{password}"; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to add testupnspn user: \n$samba_tool_cmd\n"); + return undef; + } + + $user_dn = "cn=testupnspn,cn=users,$base_dn"; + open($ldif, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb") + or die "Failed to run $ldbmodify: $!"; + print $ldif "dn: $user_dn +changetype: modify +replace: userPrincipalName +userPrincipalName: http/testupnspn.$ctx->{dnsname}\@$ctx->{realm} +replace: servicePrincipalName +servicePrincipalName: http/testupnspn.$ctx->{dnsname} +- +"; + close($ldif); + unless ($? == 0) { + warn("$ldbmodify failed: $?"); + return undef; + } + + $samba_tool_cmd = ${cmd_env}; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' '$testallowed_account'"; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to add '$testallowed_account' user to 'Allowed RODC Password Replication Group': \n$samba_tool_cmd\n"); + return undef; + } + + # Create to users alice and bob! + my $user_account_array = ["alice", "bob", "jane", "joe"]; + + foreach my $user_account (@{$user_account_array}) { + my $samba_tool_cmd = ${cmd_env}; + + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " user create --configfile=$ctx->{smb_conf} $user_account Secret007"; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to create user: $user_account\n$samba_tool_cmd\n"); + return undef; + } + } + + my $group_array = ["Samba Users"]; + + foreach my $group (@{$group_array}) { + my $samba_tool_cmd = ${cmd_env}; + + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " group add --configfile=$ctx->{smb_conf} \"$group\""; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to create group: $group\n$samba_tool_cmd\n"); + return undef; + } + } + + # Add user joe to group "Samba Users" + my $group = "Samba Users"; + my $user_account = "joe"; + + $samba_tool_cmd = ${cmd_env}; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " group addmembers --configfile=$ctx->{smb_conf} \"$group\" $user_account"; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to add " . $user_account . "to group group : $group\n$samba_tool_cmd\n"); + return undef; + } + + $group = "Samba Users"; + $user_account = "joe"; + + $samba_tool_cmd = ${cmd_env}; + $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") + . " user setprimarygroup --configfile=$ctx->{smb_conf} $user_account \"$group\""; + unless (system($samba_tool_cmd) == 0) { + warn("Unable to set primary group of user: $user_account\n$samba_tool_cmd\n"); + return undef; + } + + # Change the userPrincipalName for jane + $user_dn = "cn=jane,cn=users,$base_dn"; + + open($ldif, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb") + or die "Failed to run $ldbmodify: $!"; + print $ldif "dn: $user_dn +changetype: modify +replace: userPrincipalName +userPrincipalName: jane.doe\@$ctx->{realm} +- +"; + close($ldif); + unless ($? == 0) { + warn("$ldbmodify failed: $?"); + return undef; + } + + return $ret; +} + +sub provision($$$$$$$$$$$) +{ + my ($self, + $prefix, + $server_role, + $hostname, + $domain, + $realm, + $functional_level, + $password, + $kdc_ipv4, + $kdc_ipv6, + $force_fips_mode, + $extra_smbconf_options, + $extra_smbconf_shares, + $extra_provision_options) = @_; + + my $samsid = Samba::random_domain_sid(); + + my $ctx = $self->provision_raw_prepare($prefix, $server_role, + $hostname, + $domain, $realm, + $samsid, + $functional_level, + $password, + $kdc_ipv4, + $kdc_ipv6, + $force_fips_mode, + $extra_provision_options); + + $ctx->{share} = "$ctx->{prefix_abs}/share"; + push(@{$ctx->{directories}}, "$ctx->{share}"); + push(@{$ctx->{directories}}, "$ctx->{share}/test1"); + push(@{$ctx->{directories}}, "$ctx->{share}/test2"); + + # precreate directories for printer drivers + push(@{$ctx->{directories}}, "$ctx->{share}/W32X86"); + push(@{$ctx->{directories}}, "$ctx->{share}/x64"); + push(@{$ctx->{directories}}, "$ctx->{share}/WIN40"); + + my $msdfs = "no"; + $msdfs = "yes" if ($server_role eq "domain controller"); + $ctx->{smb_conf_extra_options} = " + + max xmit = 32K + server max protocol = SMB2 + host msdfs = $msdfs + lanman auth = yes + + # fruit:copyfile is a global option + fruit:copyfile = yes + + $extra_smbconf_options + +[tmp] + path = $ctx->{share} + read only = no + posix:sharedelay = 100000 + posix:oplocktimeout = 3 + posix:writetimeupdatedelay = 500000 + +[xcopy_share] + path = $ctx->{share} + read only = no + posix:sharedelay = 100000 + posix:oplocktimeout = 3 + posix:writetimeupdatedelay = 500000 + create mask = 777 + force create mode = 777 + +[posix_share] + path = $ctx->{share} + read only = no + create mask = 0777 + force create mode = 0 + directory mask = 0777 + force directory mode = 0 + +[test1] + path = $ctx->{share}/test1 + read only = no + posix:sharedelay = 100000 + posix:oplocktimeout = 3 + posix:writetimeupdatedelay = 500000 + +[test2] + path = $ctx->{share}/test2 + read only = no + posix:sharedelay = 100000 + posix:oplocktimeout = 3 + posix:writetimeupdatedelay = 500000 + +[cifs] + path = $ctx->{share}/_ignore_cifs_ + read only = no + ntvfs handler = cifs + cifs:server = $ctx->{netbiosname} + cifs:share = tmp + cifs:use-s4u2proxy = yes + # There is no username specified here, instead the client is expected + # to log in with kerberos, and the serverwill use delegated credentials. + # Or the server tries s4u2self/s4u2proxy to impersonate the client + +[simple] + path = $ctx->{share} + read only = no + ntvfs handler = simple + +[sysvol] + path = $ctx->{statedir}/sysvol + read only = no + +[netlogon] + path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts + read only = no + +[cifsposix] + copy = simple + ntvfs handler = cifsposix + +[vfs_fruit] + path = $ctx->{share} + vfs objects = catia fruit streams_xattr acl_xattr + ea support = yes + fruit:resource = file + fruit:metadata = netatalk + fruit:locking = netatalk + fruit:encoding = native + +[xattr] + path = $ctx->{share} + # This can be used for testing real fs xattr stuff + vfs objects = streams_xattr acl_xattr + +$extra_smbconf_shares +"; + + my $ret = $self->provision_raw_step1($ctx); + unless (defined $ret) { + return undef; + } + + return $self->provision_raw_step2($ctx, $ret); +} + +# For multi-DC testenvs, we want $DC_SERVER to always be the PDC (i.e. the +# original DC) in the testenv. $SERVER is always the joined DC that we are +# actually running the test against +sub set_pdc_env_vars +{ + my ($self, $env, $dcvars) = @_; + + $env->{DC_SERVER} = $dcvars->{DC_SERVER}; + $env->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; + $env->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; + $env->{DC_SERVERCONFFILE} = $dcvars->{SERVERCONFFILE}; + $env->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; + $env->{DC_USERNAME} = $dcvars->{DC_USERNAME}; + $env->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; +} + +sub provision_s4member($$$$$) +{ + my ($self, $prefix, $dcvars, $hostname, $more_conf) = @_; + print "PROVISIONING MEMBER...\n"; + my $extra_smb_conf = " + passdb backend = samba_dsdb +winbindd:use external pipes = true + +# the source4 smb server doesn't allow signing by default +server signing = enabled +raw NTLMv2 auth = yes + +# override the new SMB2 only default +client min protocol = CORE +server min protocol = LANMAN1 +"; + if ($more_conf) { + $extra_smb_conf = $extra_smb_conf . $more_conf . "\n"; + } + my $extra_provision_options = ["--use-ntvfs"]; + my $ret = $self->provision($prefix, + "member server", + $hostname, + $dcvars->{DOMAIN}, + $dcvars->{REALM}, + "2008", + "locMEMpass3", + $dcvars->{SERVER_IP}, + $dcvars->{SERVER_IPV6}, + undef, + $extra_smb_conf, "", + $extra_provision_options); + unless ($ret) { + return undef; + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = $self->get_cmd_env_vars($ret); + $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} --experimental-s4-member member"; + $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + $cmd .= " --machinepass=machine$ret->{PASSWORD}"; + + unless (system($cmd) == 0) { + warn("Join failed\n$cmd"); + return undef; + } + + $ret->{DOMSID} = $dcvars->{DOMSID}; + $self->set_pdc_env_vars($ret, $dcvars); + + return $ret; +} + +sub provision_rpc_proxy($$$) +{ + my ($self, $prefix, $dcvars) = @_; + print "PROVISIONING RPC PROXY...\n"; + + my $extra_smbconf_options = " + passdb backend = samba_dsdb + + # rpc_proxy + dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER} + dcerpc endpoint servers = epmapper, remote + dcerpc_remote:interfaces = rpcecho + dcerpc_remote:allow_anonymous_fallback = yes + # override the new SMB2 only default + client min protocol = CORE + server min protocol = LANMAN1 +[cifs_to_dc] + path = /tmp/_ignore_cifs_to_dc_/_none_ + read only = no + ntvfs handler = cifs + cifs:server = $dcvars->{SERVER} + cifs:share = cifs + cifs:use-s4u2proxy = yes + # There is no username specified here, instead the client is expected + # to log in with kerberos, and the serverwill use delegated credentials. + # Or the server tries s4u2self/s4u2proxy to impersonate the client + +"; + + my $extra_provision_options = ["--use-ntvfs"]; + my $ret = $self->provision($prefix, + "member server", + "localrpcproxy", + $dcvars->{DOMAIN}, + $dcvars->{REALM}, + "2008", + "locRPCproxypass4", + $dcvars->{SERVER_IP}, + $dcvars->{SERVER_IPV6}, + undef, + $extra_smbconf_options, "", + $extra_provision_options); + unless ($ret) { + return undef; + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + + # The joind runs in the context of the rpc_proxy/member for now + my $cmd = $self->get_cmd_env_vars($ret); + $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} --experimental-s4-member member"; + $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + $cmd .= " --machinepass=machine$ret->{PASSWORD}"; + + unless (system($cmd) == 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # Prepare a context of the DC, but using the local CCACHE. + my $overwrite = undef; + $overwrite->{KRB5_CCACHE} = $ret->{KRB5_CCACHE}; + my $dc_cmd_env = $self->get_cmd_env_vars($dcvars, $overwrite); + + # Setting up delegation runs in the context of the DC for now + $cmd = $dc_cmd_env; + $cmd .= "$samba_tool delegation for-any-protocol '$ret->{NETBIOSNAME}\$' on"; + $cmd .= " $dcvars->{CONFIGURATION}"; + print $cmd; + + unless (system($cmd) == 0) { + warn("Delegation failed\n$cmd"); + return undef; + } + + # Setting up delegation runs in the context of the DC for now + $cmd = $dc_cmd_env; + $cmd .= "$samba_tool delegation add-service '$ret->{NETBIOSNAME}\$' cifs/$dcvars->{SERVER}"; + $cmd .= " $dcvars->{CONFIGURATION}"; + + unless (system($cmd) == 0) { + warn("Delegation failed\n$cmd"); + return undef; + } + + $ret->{DOMSID} = $dcvars->{DOMSID}; + $self->set_pdc_env_vars($ret, $dcvars); + + return $ret; +} + +sub provision_promoted_dc($$$) +{ + my ($self, $prefix, $dcvars) = @_; + print "PROVISIONING PROMOTED DC...\n"; + + # We do this so that we don't run the provision. That's the job of 'samba-tool domain dcpromo'. + my $ctx = $self->provision_raw_prepare($prefix, "domain controller", + "promotedvdc", + $dcvars->{DOMAIN}, + $dcvars->{REALM}, + $dcvars->{SAMSID}, + "2008", + $dcvars->{PASSWORD}, + $dcvars->{SERVER_IP}, + $dcvars->{SERVER_IPV6}); + + $ctx->{smb_conf_extra_options} = " + max xmit = 32K + server max protocol = SMB2 + + ntlm auth = ntlmv2-only + + kdc force enable rc4 weak session keys = yes + +[sysvol] + path = $ctx->{statedir}/sysvol + read only = yes + +[netlogon] + path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts + read only = no + +"; + + my $ret = $self->provision_raw_step1($ctx); + unless ($ret) { + return undef; + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = $self->get_cmd_env_vars($ret); + $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} --experimental-s4-member MEMBER --realm=$dcvars->{REALM}"; + $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + $cmd .= " --machinepass=machine$ret->{PASSWORD}"; + + unless (system($cmd) == 0) { + warn("Join failed\n$cmd"); + return undef; + } + + $samba_tool = Samba::bindir_path($self, "samba-tool"); + $cmd = $self->get_cmd_env_vars($ret); + $cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; + $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + $cmd .= " --machinepass=machine$ret->{PASSWORD} --dns-backend=BIND9_DLZ"; + + unless (system($cmd) == 0) { + warn("Join failed\n$cmd"); + return undef; + } + + $self->set_pdc_env_vars($ret, $dcvars); + + return $ret; +} + +sub provision_vampire_dc($$$) +{ + my ($self, $prefix, $dcvars, $fl) = @_; + print "PROVISIONING VAMPIRE DC @ FL $fl...\n"; + my $name = "localvampiredc"; + my $extra_conf = ""; + + if ($fl == "2000") { + $name = "vampire2000dc"; + } else { + $extra_conf = "drs: immediate link sync = yes + drs: max link sync = 250"; + } + + # We do this so that we don't run the provision. That's the job of 'net vampire'. + my $ctx = $self->provision_raw_prepare($prefix, "domain controller", + $name, + $dcvars->{DOMAIN}, + $dcvars->{REALM}, + $dcvars->{DOMSID}, + $fl, + $dcvars->{PASSWORD}, + $dcvars->{SERVER_IP}, + $dcvars->{SERVER_IPV6}); + + $ctx->{smb_conf_extra_options} = " + max xmit = 32K + server max protocol = SMB2 + + ntlm auth = mschapv2-and-ntlmv2-only + $extra_conf + +[sysvol] + path = $ctx->{statedir}/sysvol + read only = yes + +[netlogon] + path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts + read only = no + +"; + + my $ret = $self->provision_raw_step1($ctx); + unless ($ret) { + return undef; + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = $self->get_cmd_env_vars($ret); + $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; + $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only"; + $cmd .= " --machinepass=machine$ret->{PASSWORD}"; + $cmd .= " --backend-store=mdb"; + + unless (system($cmd) == 0) { + warn("Join failed\n$cmd"); + return undef; + } + + $self->set_pdc_env_vars($ret, $dcvars); + $ret->{DC_REALM} = $dcvars->{DC_REALM}; + + return $ret; +} + +sub provision_ad_dc_ntvfs($$$) +{ + my ($self, $prefix, $extra_provision_options) = @_; + + # We keep the old 'winbind' name here in server services to + # ensure upgrades which used that name still work with the now + # alias. + + print "PROVISIONING AD DC (NTVFS)...\n"; + my $extra_conf_options = "netbios aliases = localDC1-a + server services = +winbind -winbindd + ldap server require strong auth = allow_sasl_over_tls + raw NTLMv2 auth = yes + lsa over netlogon = yes + rpc server port = 1027 + auth event notification = true + dsdb event notification = true + dsdb password event notification = true + dsdb group change notification = true + # override the new SMB2 only default + client min protocol = CORE + server min protocol = LANMAN1 + + CVE_2020_1472:warn_about_unused_debug_level = 3 + CVE_2022_38023:warn_about_unused_debug_level = 3 + allow nt4 crypto:torturetest\$ = yes + server reject md5 schannel:schannel2\$ = no + server reject md5 schannel:schannel3\$ = no + server reject md5 schannel:schannel8\$ = no + server reject md5 schannel:schannel9\$ = no + server reject md5 schannel:torturetest\$ = no + server reject md5 schannel:tests4u2proxywk\$ = no + server reject md5 schannel:tests4u2selfbdc\$ = no + server reject md5 schannel:tests4u2selfwk\$ = no + server reject md5 schannel:torturepacbdc\$ = no + server reject md5 schannel:torturepacwksta\$ = no + server require schannel:schannel0\$ = no + server require schannel:schannel1\$ = no + server require schannel:schannel2\$ = no + server require schannel:schannel3\$ = no + server require schannel:schannel4\$ = no + server require schannel:schannel5\$ = no + server require schannel:schannel6\$ = no + server require schannel:schannel7\$ = no + server require schannel:schannel8\$ = no + server require schannel:schannel9\$ = no + server require schannel:schannel10\$ = no + server require schannel:schannel11\$ = no + server require schannel:torturetest\$ = no + server schannel require seal:schannel0\$ = no + server schannel require seal:schannel1\$ = no + server schannel require seal:schannel2\$ = no + server schannel require seal:schannel3\$ = no + server schannel require seal:schannel4\$ = no + server schannel require seal:schannel5\$ = no + server schannel require seal:schannel6\$ = no + server schannel require seal:schannel7\$ = no + server schannel require seal:schannel8\$ = no + server schannel require seal:schannel9\$ = no + server schannel require seal:schannel10\$ = no + server schannel require seal:schannel11\$ = no + server schannel require seal:torturetest\$ = no + + # needed for 'samba.tests.auth_log' tests + server require schannel:LOCALDC\$ = no + server schannel require seal:LOCALDC\$ = no + "; + push (@{$extra_provision_options}, "--use-ntvfs"); + my $ret = $self->provision($prefix, + "domain controller", + "localdc", + "SAMBADOMAIN", + "samba.example.com", + "2008", + "locDCpass1", + undef, + undef, + undef, + $extra_conf_options, + "", + $extra_provision_options); + unless ($ret) { + return undef; + } + + unless($self->add_wins_config("$prefix/private")) { + warn("Unable to add wins configuration"); + return undef; + } + $ret->{NETBIOSALIAS} = "localdc1-a"; + $ret->{DC_REALM} = $ret->{REALM}; + + return $ret; +} + +sub provision_fl2000dc($$) +{ + my ($self, $prefix) = @_; + + print "PROVISIONING DC WITH FOREST LEVEL 2000...\n"; + my $extra_conf_options = " + kdc enable fast = no + spnego:simulate_w2k=yes + ntlmssp_server:force_old_spnego=yes + + CVE_2022_38023:warn_about_unused_debug_level = 3 + server reject md5 schannel:tests4u2proxywk\$ = no + server reject md5 schannel:tests4u2selfbdc\$ = no + server reject md5 schannel:tests4u2selfwk\$ = no + server reject md5 schannel:torturepacbdc\$ = no + server reject md5 schannel:torturepacwksta\$ = no +"; + my $extra_provision_options = ["--base-schema=2008_R2"]; + # This environment uses plain text secrets + # i.e. secret attributes are not encrypted on disk. + # This allows testing of the --plaintext-secrets option for + # provision + push (@{$extra_provision_options}, "--plaintext-secrets"); + my $ret = $self->provision($prefix, + "domain controller", + "dc5", + "SAMBA2000", + "samba2000.example.com", + "2000", + "locDCpass5", + undef, + undef, + undef, + $extra_conf_options, + "", + $extra_provision_options); + unless ($ret) { + return undef; + } + + unless($self->add_wins_config("$prefix/private")) { + warn("Unable to add wins configuration"); + return undef; + } + $ret->{DC_REALM} = $ret->{REALM}; + + return $ret; +} + +sub provision_fl2003dc($$$) +{ + my ($self, $prefix, $dcvars) = @_; + my $ip_addr1 = Samba::get_ipv4_addr("fakednsforwarder1"); + my $ip_addr2 = Samba::get_ipv6_addr("fakednsforwarder2"); + + print "PROVISIONING DC WITH FOREST LEVEL 2003...\n"; + my $extra_conf_options = " + allow dns updates = nonsecure and secure + + kdc enable fast = no + dcesrv:header signing = no + dcesrv:max auth states = 0 + + dns forwarder = $ip_addr1 [$ip_addr2]:54 + + CVE_2022_38023:warn_about_unused_debug_level = 3 + server reject md5 schannel:tests4u2proxywk\$ = no + server reject md5 schannel:tests4u2selfbdc\$ = no + server reject md5 schannel:tests4u2selfwk\$ = no + server reject md5 schannel:torturepacbdc\$ = no + server reject md5 schannel:torturepacwksta\$ = no +"; + + my $extra_provision_options = ["--base-schema=2008_R2"]; + my $ret = $self->provision($prefix, + "domain controller", + "dc6", + "SAMBA2003", + "samba2003.example.com", + "2003", + "locDCpass6", + undef, + undef, + undef, + $extra_conf_options, + "", + $extra_provision_options); + unless (defined $ret) { + return undef; + } + + $ret->{DNS_FORWARDER1} = $ip_addr1; + $ret->{DNS_FORWARDER2} = $ip_addr2; + + my @samba_tool_options; + push (@samba_tool_options, Samba::bindir_path($self, "samba-tool")); + push (@samba_tool_options, "domain"); + push (@samba_tool_options, "passwordsettings"); + push (@samba_tool_options, "set"); + push (@samba_tool_options, "--configfile=$ret->{SERVERCONFFILE}"); + push (@samba_tool_options, "--min-pwd-age=0"); + push (@samba_tool_options, "--history-length=1"); + + my $samba_tool_cmd = join(" ", @samba_tool_options); + + unless (system($samba_tool_cmd) == 0) { + warn("Unable to set min password age to 0: \n$samba_tool_cmd\n"); + return undef; + } + + unless($self->add_wins_config("$prefix/private")) { + warn("Unable to add wins configuration"); + return undef; + } + + return $ret; +} + +sub provision_fl2008r2dc($$$) +{ + my ($self, $prefix, $dcvars) = @_; + + print "PROVISIONING DC WITH FOREST LEVEL 2008r2...\n"; + my $extra_conf_options = " + ldap server require strong auth = no + # delay by 10 seconds, 10^7 usecs + ldap_server:delay_expire_disconnect = 10000 + + CVE_2022_38023:warn_about_unused_debug_level = 3 + server reject md5 schannel:tests4u2proxywk\$ = no + server reject md5 schannel:tests4u2selfbdc\$ = no + server reject md5 schannel:tests4u2selfwk\$ = no + server reject md5 schannel:torturepacbdc\$ = no + server reject md5 schannel:torturepacwksta\$ = no +"; + my $extra_provision_options = ["--base-schema=2008_R2"]; + my $ret = $self->provision($prefix, + "domain controller", + "dc7", + "SAMBA2008R2", + "samba2008R2.example.com", + "2008_R2", + "locDCpass7", + undef, + undef, + undef, + $extra_conf_options, + "", + $extra_provision_options); + unless (defined $ret) { + return undef; + } + + unless ($self->add_wins_config("$prefix/private")) { + warn("Unable to add wins configuration"); + return undef; + } + $ret->{DC_REALM} = $ret->{REALM}; + + return $ret; +} + + +sub provision_rodc($$$) +{ + my ($self, $prefix, $dcvars) = @_; + print "PROVISIONING RODC...\n"; + + # We do this so that we don't run the provision. That's the job of 'net join RODC'. + my $ctx = $self->provision_raw_prepare($prefix, "domain controller", + "rodc", + $dcvars->{DOMAIN}, + $dcvars->{REALM}, + $dcvars->{DOMSID}, + "2008", + $dcvars->{PASSWORD}, + $dcvars->{SERVER_IP}, + $dcvars->{SERVER_IPV6}); + unless ($ctx) { + return undef; + } + + $ctx->{share} = "$ctx->{prefix_abs}/share"; + push(@{$ctx->{directories}}, "$ctx->{share}"); + + $ctx->{smb_conf_extra_options} = " + max xmit = 32K + server max protocol = SMB2 + password server = $dcvars->{DC_SERVER} + +[sysvol] + path = $ctx->{statedir}/sysvol + read only = yes + +[netlogon] + path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts + read only = yes + +[tmp] + path = $ctx->{share} + read only = no + posix:sharedelay = 10000 + posix:oplocktimeout = 3 + posix:writetimeupdatedelay = 50000 + +"; + + my $ret = $self->provision_raw_step1($ctx); + unless ($ret) { + return undef; + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = $self->get_cmd_env_vars($ret); + $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC"; + $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + $cmd .= " --server=$dcvars->{DC_SERVER}"; + + unless (system($cmd) == 0) { + warn("RODC join failed\n$cmd"); + return undef; + } + + # This ensures deterministic behaviour for tests that want to have the 'testallowed account' + # user password verified on the RODC + my $testallowed_account = "testallowed account"; + $cmd = $self->get_cmd_env_vars($ret); + $cmd .= "$samba_tool rodc preload '$testallowed_account' $ret->{CONFIGURATION}"; + $cmd .= " --server=$dcvars->{DC_SERVER}"; + + unless (system($cmd) == 0) { + warn("RODC join failed\n$cmd"); + return undef; + } + + # we overwrite the kdc after the RODC join + # so that use the RODC as kdc and test + # the proxy code + $ctx->{kdc_ipv4} = $ret->{SERVER_IP}; + $ctx->{kdc_ipv6} = $ret->{SERVER_IPV6}; + Samba::mk_krb5_conf($ctx); + Samba::mk_mitkdc_conf($ctx, abs_path(Samba::bindir_path($self, "shared"))); + + $self->set_pdc_env_vars($ret, $dcvars); + + return $ret; +} + +sub read_config_h($) +{ + my ($name) = @_; + my %ret; + open(LF, "<$name") or die("unable to read $name: $!"); + while (<LF>) { + chomp; + next if not (/^#define /); + if (/^#define (.*?)[ \t]+(.*?)$/) { + $ret{$1} = $2; + next; + } + if (/^#define (.*?)[ \t]+$/) { + $ret{$1} = 1;; + next; + } + } + close(LF); + return \%ret; +} + +sub provision_ad_dc($$$$$$$) +{ + my ($self, + $prefix, + $hostname, + $domain, + $realm, + $force_fips_mode, + $smbconf_args, + $extra_provision_options) = @_; + + my $prefix_abs = abs_path($prefix); + + my $bindir_abs = abs_path($self->{bindir}); + my $lockdir="$prefix_abs/lockdir"; + my $conffile="$prefix_abs/etc/smb.conf"; + + my $require_mutexes = "dbwrap_tdb_require_mutexes:* = yes"; + if ($ENV{SELFTEST_DONT_REQUIRE_TDB_MUTEX_SUPPORT} // '' eq "1") { + $require_mutexes = ""; + } + + my $config_h = {}; + + if (defined($ENV{CONFIG_H})) { + $config_h = read_config_h($ENV{CONFIG_H}); + } + + my $password_hash_gpg_key_ids = "password hash gpg key ids = 4952E40301FAB41A"; + $password_hash_gpg_key_ids = "" unless defined($config_h->{HAVE_GPGME}); + + my $extra_smbconf_options = " + xattr_tdb:file = $prefix_abs/statedir/xattr.tdb + + dbwrap_tdb_mutexes:* = yes + ${require_mutexes} + + ${password_hash_gpg_key_ids} + + kernel oplocks = no + kernel change notify = no + smb2 leases = no + smb2 disable oplock break retry = yes + server multi channel support = yes + + logging = file + printing = bsd + printcap name = /dev/null + + max protocol = SMB3 + read only = no + + smbd:sharedelay = 100000 + smbd:writetimeupdatedelay = 500000 + create mask = 755 + dos filemode = yes + check parent directory delete on close = yes + + dcerpc endpoint servers = -winreg -srvsvc + + printcap name = /dev/null + + addprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -a -s $conffile -- + deleteprinter command = $ENV{SRCDIR_ABS}/source3/script/tests/printing/modprinter.pl -d -s $conffile -- + + printing = vlp + print command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb print %p %s + lpq command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpq %p + lp rm command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lprm %p %j + lp pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lppause %p %j + lp resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb lpresume %p %j + queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p + queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p + lpq cache time = 0 + print notify backchannel = yes + + CVE_2020_1472:warn_about_unused_debug_level = 3 + CVE_2022_38023:warn_about_unused_debug_level = 3 + CVE_2022_38023:error_debug_level = 2 + server reject md5 schannel:schannel2\$ = no + server reject md5 schannel:schannel3\$ = no + server reject md5 schannel:schannel8\$ = no + server reject md5 schannel:schannel9\$ = no + server reject md5 schannel:torturetest\$ = no + server reject md5 schannel:tests4u2proxywk\$ = no + server reject md5 schannel:tests4u2selfbdc\$ = no + server reject md5 schannel:tests4u2selfwk\$ = no + server reject md5 schannel:torturepacbdc\$ = no + server reject md5 schannel:torturepacwksta\$ = no + server reject md5 schannel:samlogontest\$ = no + server require schannel:schannel0\$ = no + server require schannel:schannel1\$ = no + server require schannel:schannel2\$ = no + server require schannel:schannel3\$ = no + server require schannel:schannel4\$ = no + server require schannel:schannel5\$ = no + server require schannel:schannel6\$ = no + server require schannel:schannel7\$ = no + server require schannel:schannel8\$ = no + server require schannel:schannel9\$ = no + server require schannel:schannel10\$ = no + server require schannel:schannel11\$ = no + server require schannel:torturetest\$ = no + server schannel require seal:schannel0\$ = no + server schannel require seal:schannel1\$ = no + server schannel require seal:schannel2\$ = no + server schannel require seal:schannel3\$ = no + server schannel require seal:schannel4\$ = no + server schannel require seal:schannel5\$ = no + server schannel require seal:schannel6\$ = no + server schannel require seal:schannel7\$ = no + server schannel require seal:schannel8\$ = no + server schannel require seal:schannel9\$ = no + server schannel require seal:schannel10\$ = no + server schannel require seal:schannel11\$ = no + server schannel require seal:torturetest\$ = no + + auth event notification = true + dsdb event notification = true + dsdb password event notification = true + dsdb group change notification = true + $smbconf_args +"; + + my $extra_smbconf_shares = " + +[tmpenc] + copy = tmp + smb encrypt = required + +[tmpcase] + copy = tmp + case sensitive = yes + +[tmpguest] + copy = tmp + guest ok = yes + +[hideunread] + copy = tmp + hide unreadable = yes + +[durable] + copy = tmp + kernel share modes = no + kernel oplocks = no + posix locking = no + +[print\$] + copy = tmp + +[print1] + copy = tmp + printable = yes + +[print2] + copy = print1 +[print3] + copy = print1 +[print4] + copy = print1 + guest ok = yes +[lp] + copy = print1 +"; + + push (@{$extra_provision_options}, "--backend-store=mdb"); + print "PROVISIONING AD DC...\n"; + my $ret = $self->provision($prefix, + "domain controller", + $hostname, + $domain, + $realm, + "2008", + "locDCpass1", + undef, + undef, + $force_fips_mode, + $extra_smbconf_options, + $extra_smbconf_shares, + $extra_provision_options); + unless (defined $ret) { + return undef; + } + + unless($self->add_wins_config("$prefix/private")) { + warn("Unable to add wins configuration"); + return undef; + } + + return $ret; +} + +sub provision_chgdcpass($$) +{ + my ($self, $prefix) = @_; + + print "PROVISIONING CHGDCPASS...\n"; + # This environment disallows the use of this password + # (and also removes the default AD complexity checks) + my $unacceptable_password = "Paßßword-widk3Dsle32jxdBdskldsk55klASKQ"; + + # This environment also sets some settings that are unusual, + # to test specific behaviours. In particular, this + # environment fails to correctly support DRSUAPI_DRS_GET_ANC + # like Samba before 4.5 and DRSUAPI_DRS_GET_TGT before 4.8 + # + # Additionally, disabling DRSUAPI_DRS_GET_TGT causes all links + # to be sent last (in the final chunk), which is like Samba + # before 4.8. + + my $extra_smb_conf = " + check password script = $self->{srcdir}/selftest/checkpassword_arg1.sh ${unacceptable_password} + allow dcerpc auth level connect:lsarpc = yes + dcesrv:max auth states = 8 + drs:broken_samba_4.5_get_anc_emulation = true + drs:get_tgt_support = false +"; + my $extra_provision_options = ["--dns-backend=BIND9_DLZ"]; + my $ret = $self->provision($prefix, + "domain controller", + "chgdcpass", + "CHDCDOMAIN", + "chgdcpassword.samba.example.com", + "2008", + "chgDCpass1", + undef, + undef, + undef, + $extra_smb_conf, + "", + $extra_provision_options); + unless (defined $ret) { + return undef; + } + + unless($self->add_wins_config("$prefix/private")) { + warn("Unable to add wins configuration"); + return undef; + } + + # Remove secrets.tdb from this environment to test that we + # still start up on systems without the new matching + # secrets.tdb records. + unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") || unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) { + warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision"); + return undef; + } + + $ret->{UNACCEPTABLE_PASSWORD} = $unacceptable_password; + + return $ret; +} + +sub teardown_env_terminate($$) +{ + my ($self, $envvars) = @_; + my $pid; + + # This should cause samba to terminate gracefully + my $smbcontrol = Samba::bindir_path($self, "smbcontrol"); + my $cmd = ""; + $cmd .= "$smbcontrol samba shutdown $envvars->{CONFIGURATION}"; + my $ret = system($cmd); + if ($ret != 0) { + warn "'$cmd' failed with '$ret'\n"; + } + + # This should cause samba to terminate gracefully + close($envvars->{STDIN_PIPE}); + + $pid = $envvars->{SAMBA_PID}; + my $count = 0; + my $childpid; + + # This should give it time to write out the gcov data + until ($count > 15) { + if (Samba::cleanup_child($pid, "samba") != 0) { + return; + } + sleep(1); + $count++; + } + + # After 15 Seconds, work out why this thing is still alive + warn "server process $pid took more than $count seconds to exit, showing backtrace:\n"; + system("$self->{srcdir}/selftest/gdb_backtrace $pid"); + + until ($count > 30) { + if (Samba::cleanup_child($pid, "samba") != 0) { + return; + } + sleep(1); + $count++; + } + + if (kill(0, $pid)) { + warn "server process $pid took more than $count seconds to exit, sending SIGTERM\n"; + kill "TERM", $pid; + } + + until ($count > 40) { + if (Samba::cleanup_child($pid, "samba") != 0) { + return; + } + sleep(1); + $count++; + } + # If it is still around, kill it + if (kill(0, $pid)) { + warn "server process $pid took more than $count seconds to exit, killing\n with SIGKILL\n"; + kill 9, $pid; + } + return; +} + +sub teardown_env($$) +{ + my ($self, $envvars) = @_; + teardown_env_terminate($self, $envvars); + + print $self->getlog_env($envvars); + + return; +} + +sub getlog_env($$) +{ + my ($self, $envvars) = @_; + my $title = "SAMBA LOG of: $envvars->{NETBIOSNAME} pid $envvars->{SAMBA_PID}\n"; + my $out = $title; + + open(LOG, "<$envvars->{SAMBA_TEST_LOG}"); + + seek(LOG, $envvars->{SAMBA_TEST_LOG_POS}, SEEK_SET); + while (<LOG>) { + $out .= $_; + } + $envvars->{SAMBA_TEST_LOG_POS} = tell(LOG); + close(LOG); + + return "" if $out eq $title; + + return $out; +} + +sub check_env($$) +{ + my ($self, $envvars) = @_; + my $samba_pid = $envvars->{SAMBA_PID}; + + if (not defined($samba_pid)) { + return 0; + } elsif ($samba_pid > 0) { + my $childpid = Samba::cleanup_child($samba_pid, "samba"); + + if ($childpid == 0) { + return 1; + } + return 0; + } else { + return 1; + } +} + +# Declare the environments Samba4 makes available. +# To be set up, they will be called as +# samba4->setup_$envname($self, $path, $dep_1_vars, $dep_2_vars, ...) +# The interdependencies between the testenvs are declared below. Some testenvs +# are dependent on another testenv running first, e.g. vampire_dc is dependent +# on ad_dc_ntvfs because vampire_dc joins ad_dc_ntvfs's domain. All DCs are +# dependent on dns_hub, which handles resolving DNS queries for the realm. +%Samba4::ENV_DEPS = ( + # name => [dep_1, dep_2, ...], + dns_hub => [], + ad_dc_ntvfs => ["dns_hub"], + ad_dc_fips => ["dns_hub"], + ad_dc => ["dns_hub"], + ad_dc_smb1 => ["dns_hub"], + ad_dc_smb1_done => ["ad_dc_smb1"], + ad_dc_no_nss => ["dns_hub"], + ad_dc_no_ntlm => ["dns_hub"], + + fl2008r2dc => ["ad_dc"], + fl2003dc => ["ad_dc"], + fl2000dc => ["ad_dc"], + + vampire_2000_dc => ["fl2000dc"], + vampire_dc => ["ad_dc_ntvfs"], + promoted_dc => ["ad_dc_ntvfs"], + + rodc => ["ad_dc_ntvfs"], + rpc_proxy => ["ad_dc_ntvfs"], + chgdcpass => ["dns_hub"], + + s4member_dflt_domain => ["ad_dc_ntvfs"], + s4member => ["ad_dc_ntvfs"], + + # envs that test the server process model + proclimitdc => ["dns_hub"], + preforkrestartdc => ["dns_hub"], + + # backup/restore testenvs + backupfromdc => ["dns_hub"], + customdc => ["dns_hub"], + restoredc => ["backupfromdc"], + renamedc => ["backupfromdc"], + offlinebackupdc => ["backupfromdc"], + labdc => ["backupfromdc"], + + # aliases in order to split autbuild tasks + fl2008dc => ["ad_dc"], + ad_dc_default => ["ad_dc"], + ad_dc_default_smb1 => ["ad_dc_smb1"], + ad_dc_default_smb1_done => ["ad_dc_default_smb1"], + ad_dc_slowtests => ["ad_dc"], + ad_dc_backup => ["ad_dc"], + + schema_dc => ["dns_hub"], + schema_pair_dc => ["schema_dc"], + + none => [], +); + +%Samba4::ENV_DEPS_POST = ( + schema_dc => ["schema_pair_dc"], +); + +sub return_alias_env +{ + my ($self, $path, $env) = @_; + + # just an alias + return $env; +} + +sub setup_fl2008dc +{ + my ($self, $path) = @_; + + my $extra_args = ["--base-schema=2008_R2"]; + my $env = $self->provision_ad_dc_ntvfs($path, $extra_args); + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + warn("Failed to start fl2008dc"); + return undef; + } + } + return $env; +} + +sub setup_ad_dc_default +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env) +} + +sub setup_ad_dc_default_smb1 +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env) +} + +sub setup_ad_dc_default_smb1_done +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env) +} + +sub setup_ad_dc_slowtests +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env) +} + +sub setup_ad_dc_backup +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env) +} + +sub setup_s4member +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_s4member($path, $dc_vars, "s4member"); + + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + } + + return $env; +} + +sub setup_s4member_dflt_domain +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_s4member($path, $dc_vars, "s4member_dflt", + "winbind use default domain = yes"); + + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + } + + return $env; +} + +sub setup_rpc_proxy +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_rpc_proxy($path, $dc_vars); + + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + } + return $env; +} + +sub setup_ad_dc_ntvfs +{ + my ($self, $path) = @_; + + my $env = $self->provision_ad_dc_ntvfs($path, undef); + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + warn("Failed to start ad_dc_ntvfs"); + return undef; + } + } + return $env; +} + +sub setup_chgdcpass +{ + my ($self, $path) = @_; + + my $env = $self->provision_chgdcpass($path); + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + } + return $env; +} + +sub setup_fl2000dc +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_fl2000dc($path); + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + + $env = $self->setup_trust($env, $dc_vars, "external", "--no-aes-keys --direction=outgoing"); + } + + return $env; +} + +sub setup_fl2003dc +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_fl2003dc($path); + + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + + $env = $self->setup_trust($env, $dc_vars, "external", "--no-aes-keys"); + } + return $env; +} + +sub setup_fl2008r2dc +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_fl2008r2dc($path); + + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + $env = $self->setup_trust($env, $dc_vars, "forest", ""); + } + + return $env; +} + +sub setup_vampire_dc +{ + return setup_generic_vampire_dc(@_, "2008"); +} + +sub setup_vampire_2000_dc +{ + return setup_generic_vampire_dc(@_, "2000"); +} + +sub setup_generic_vampire_dc +{ + my ($self, $path, $dc_vars, $fl) = @_; + + my $env = $self->provision_vampire_dc($path, $dc_vars, $fl); + + if (defined $env) { + if (not defined($self->check_or_start($env, "single"))) { + return undef; + } + + # force replicated DC to update repsTo/repsFrom + # for vampired partitions + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + + # as 'vampired' dc may add data in its local replica + # we need to synchronize data between DCs + my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); + my $cmd = $self->get_cmd_env_vars($env); + $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}"; + $cmd .= " $dc_vars->{CONFIGURATION}"; + $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; + # replicate Configuration NC + my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\""; + unless(system($cmd_repl) == 0) { + warn("Failed to replicate\n$cmd_repl"); + return undef; + } + # replicate Default NC + $cmd_repl = "$cmd \"$base_dn\""; + unless(system($cmd_repl) == 0) { + warn("Failed to replicate\n$cmd_repl"); + return undef; + } + + # Pull in a full set of changes from the main DC + $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); + $cmd = $self->get_cmd_env_vars($env); + $cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}"; + $cmd .= " $dc_vars->{CONFIGURATION}"; + $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; + # replicate Configuration NC + $cmd_repl = "$cmd \"CN=Configuration,$base_dn\""; + unless(system($cmd_repl) == 0) { + warn("Failed to replicate\n$cmd_repl"); + return undef; + } + # replicate Default NC + $cmd_repl = "$cmd \"$base_dn\""; + unless(system($cmd_repl) == 0) { + warn("Failed to replicate\n$cmd_repl"); + return undef; + } + } + + return $env; +} + +sub setup_promoted_dc +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_promoted_dc($path, $dc_vars); + + if (defined $env) { + if (not defined($self->check_or_start($env, "single"))) { + return undef; + } + + # force source and replicated DC to update repsTo/repsFrom + # for vampired partitions + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = $self->get_cmd_env_vars($env); + # as 'vampired' dc may add data in its local replica + # we need to synchronize data between DCs + my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); + $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SERVER}"; + $cmd .= " $dc_vars->{CONFIGURATION}"; + $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; + # replicate Configuration NC + my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\""; + unless(system($cmd_repl) == 0) { + warn("Failed to replicate\n$cmd_repl"); + return undef; + } + # replicate Default NC + $cmd_repl = "$cmd \"$base_dn\""; + unless(system($cmd_repl) == 0) { + warn("Failed to replicate\n$cmd_repl"); + return undef; + } + } + + return $env; +} + +sub setup_rodc +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_rodc($path, $dc_vars); + + unless ($env) { + return undef; + } + + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = $self->get_cmd_env_vars($env); + + my $base_dn = "DC=".join(",DC=", split(/\./, $dc_vars->{REALM})); + $cmd .= " $samba_tool drs replicate $env->{SERVER} $env->{DC_SERVER}"; + $cmd .= " $dc_vars->{CONFIGURATION}"; + $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}"; + # replicate Configuration NC + my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\""; + unless(system($cmd_repl) == 0) { + warn("Failed to replicate\n$cmd_repl"); + return undef; + } + # replicate Default NC + $cmd_repl = "$cmd \"$base_dn\""; + unless(system($cmd_repl) == 0) { + warn("Failed to replicate\n$cmd_repl"); + return undef; + } + + return $env; +} + +sub _setup_ad_dc +{ + my ($self, $path, $conf_opts, $server, $dom) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->{target3}->have_ads()) { + return "UNKNOWN"; + } + + if (!defined($conf_opts)) { + $conf_opts = ""; + } + if (!defined($server)) { + $server = "addc"; + } + if (!defined($dom)) { + $dom = "addom.samba.example.com"; + } + my $env = $self->provision_ad_dc($path, $server, "ADDOMAIN", + $dom, + undef, + $conf_opts, + undef); + unless ($env) { + return undef; + } + + if (not defined($self->check_or_start($env, "prefork"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +sub setup_ad_dc +{ + my ($self, $path) = @_; + return _setup_ad_dc($self, $path, undef, undef, undef); +} + +sub setup_ad_dc_smb1 +{ + my ($self, $path) = @_; + my $conf_opts = " +[global] + client min protocol = CORE + server min protocol = LANMAN1 + + # needed for 'samba.tests.auth_log' tests + server require schannel:ADDCSMB1\$ = no + server schannel require seal:ADDCSMB1\$ = no +"; + return _setup_ad_dc($self, $path, $conf_opts, "addcsmb1", "addom2.samba.example.com"); +} + +sub setup_ad_dc_smb1_done +{ + my ($self, $path, $dep_env) = @_; + return $self->return_alias_env($path, $dep_env); +} + +sub setup_ad_dc_no_nss +{ + my ($self, $path) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->{target3}->have_ads()) { + return "UNKNOWN"; + } + + my $env = $self->provision_ad_dc($path, + "addc_no_nss", + "ADNONSSDOMAIN", + "adnonssdom.samba.example.com", + undef, + "", + undef); + unless ($env) { + return undef; + } + + $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef; + $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef; + + if (not defined($self->check_or_start($env, "single"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +sub setup_ad_dc_no_ntlm +{ + my ($self, $path) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->{target3}->have_ads()) { + return "UNKNOWN"; + } + + my $env = $self->provision_ad_dc($path, + "addc_no_ntlm", + "ADNONTLMDOMAIN", + "adnontlmdom.samba.example.com", + undef, + "ntlm auth = disabled\nnt hash store = never", + undef); + unless ($env) { + return undef; + } + + if (not defined($self->check_or_start($env, "prefork"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +sub setup_ad_dc_fips +{ + my ($self, $path) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->{target3}->have_ads()) { + return "UNKNOWN"; + } + + my $env = $self->provision_ad_dc($path, + "fipsdc", + "FIPSDOMAIN", + "fips.samba.example.com", + 1, + "", + undef); + unless ($env) { + return undef; + } + + if (not defined($self->check_or_start($env, "prefork"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +# +# AD DC test environment used solely to test pre-fork process restarts. +# As processes get killed off and restarted it should not be used for other +sub setup_preforkrestartdc +{ + my ($self, $path) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->{target3}->have_ads()) { + return "UNKNOWN"; + } + + # note DC name must be <= 15 chars so we use 'prockill' instead of + # 'preforkrestart' + my $env = $self->provision_ad_dc($path, + "prockilldc", + "PROCKILLDOMAIN", + "prockilldom.samba.example.com", + undef, + "prefork backoff increment = 5\nprefork maximum backoff=10", + undef); + unless ($env) { + return undef; + } + + # We treat processes in this environment cruelly, sometimes + # sending them SIGSEGV signals. We don't need gdb_backtrace + # dissecting these fake crashes in precise detail. + $env->{PLEASE_NO_GDB_BACKTRACE} = '1'; + + $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef; + $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef; + + if (not defined($self->check_or_start($env, "prefork"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +# +# ad_dc test environment used solely to test standard process model connection +# process limits. As the limit is set artificially low it should not be used +# for other tests. +sub setup_proclimitdc +{ + my ($self, $path) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->{target3}->have_ads()) { + return "UNKNOWN"; + } + + my $env = $self->provision_ad_dc($path, + "proclimitdc", + "PROCLIMITDOM", + "proclimit.samba.example.com", + undef, + "max smbd processes = 20", + undef); + unless ($env) { + return undef; + } + + $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef; + $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef; + + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +# Used to test a live upgrade of the schema on a 2 DC network. +sub setup_schema_dc +{ + my ($self, $path) = @_; + + # provision the PDC using an older base schema + my $provision_args = ["--base-schema=2008_R2", "--backend-store=mdb"]; + + my $env = $self->provision_ad_dc($path, + "liveupgrade1dc", + "SCHEMADOMAIN", + "schema.samba.example.com", + undef, + "drs: max link sync = 2", + $provision_args); + unless ($env) { + return undef; + } + + if (not defined($self->check_or_start($env, "prefork"))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +# the second DC in the live schema upgrade pair +sub setup_schema_pair_dc +{ + # note: dcvars contains the env info for the dependent testenv ('schema_dc') + my ($self, $prefix, $dcvars) = @_; + print "Preparing SCHEMA UPGRADE PAIR DC...\n"; + + my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "liveupgrade2dc", + $dcvars->{DOMAIN}, + $dcvars->{REALM}, + $dcvars->{PASSWORD}, + ""); + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd_vars = $self->get_cmd_env_vars($env); + + my $join_cmd = $cmd_vars; + $join_cmd .= "$samba_tool domain join $env->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; + $join_cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} "; + $join_cmd .= " --backend-store=mdb"; + + my $upgrade_cmd = $cmd_vars; + $upgrade_cmd .= "$samba_tool domain schemaupgrade $dcvars->{CONFIGURATION}"; + $upgrade_cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + my $repl_cmd = $cmd_vars; + $repl_cmd .= "$samba_tool drs replicate $env->{SERVER} $dcvars->{SERVER}"; + $repl_cmd .= " CN=Schema,CN=Configuration,DC=schema,DC=samba,DC=example,DC=com"; + $repl_cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + + unless (system($join_cmd) == 0) { + warn("Join failed\n$join_cmd"); + return undef; + } + + $env->{DC_SERVER} = $dcvars->{SERVER}; + $env->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $env->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; + $env->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + + # start samba for the new DC + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + + unless (system($upgrade_cmd) == 0) { + warn("Schema upgrade failed\n$upgrade_cmd"); + return undef; + } + + unless (system($repl_cmd) == 0) { + warn("Post-update schema replication failed\n$repl_cmd"); + return undef; + } + + return $env; +} + +# Sets up a DC that's solely used to do a domain backup from. We then use the +# backupfrom-DC to create the restore-DC - this proves that the backup/restore +# process will create a Samba DC that will actually start up. +# We don't use the backup-DC for anything else because its domain will conflict +# with the restore DC. +sub setup_backupfromdc +{ + my ($self, $path) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->{target3}->have_ads()) { + return "UNKNOWN"; + } + + my $provision_args = ["--site=Backup-Site"]; + + my $env = $self->provision_ad_dc($path, + "backupfromdc", + "BACKUPDOMAIN", + "backupdom.samba.example.com", + undef, + "samba kcc command = /bin/true", + $provision_args); + unless ($env) { + return undef; + } + + if (not defined($self->check_or_start($env))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + # Set up a dangling forward link to an expunged object + # + # We need this to ensure that the "samba-tool domain backup rename" + # that is part of the creation of the labdc environment can + # cope with this situation on the source DC. + + if (not $self->write_ldb_file("$env->{PRIVATEDIR}/sam.ldb", " +dn: ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com +objectclass: organizationalUnit +- + +dn: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com +objectclass: msExchConfigurationContainer +- + +dn: cn=linkfrom,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com +objectclass: msExchConfigurationContainer +addressBookRoots: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com +- + +")) { + return undef; + } + my $ldbdel = Samba::bindir_path($self, "ldbdel"); + my $cmd = "$ldbdel -H $env->{PRIVATEDIR}/sam.ldb cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com"; + + unless(system($cmd) == 0) { + warn("Failed to delete link target: \n$cmd"); + return undef; + } + + # Expunge will ensure that linkto is totally wiped from the DB + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + $cmd = "$samba_tool domain tombstones expunge --tombstone-lifetime=0 $env->{CONFIGURATION}"; + + unless(system($cmd) == 0) { + warn("Failed to expunge link target: \n$cmd"); + return undef; + } + return $env; +} + +# returns the server/user-auth params needed to run an online backup cmd +sub get_backup_server_args +{ + # dcvars contains the env info for the backup DC testenv + my ($self, $dcvars) = @_; + my $server = $dcvars->{DC_SERVER_IP}; + my $server_args = "--server=$server "; + $server_args .= "-U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; + $server_args .= " $dcvars->{CONFIGURATION}"; + + return $server_args; +} + +# Creates a backup of a running testenv DC +sub create_backup +{ + # note: dcvars contains the env info for the backup DC testenv + my ($self, $env, $dcvars, $backupdir, $backup_cmd) = @_; + + # get all the env variables we pass in with the samba-tool command + # Note: use the backupfrom-DC's krb5.conf to do the backup + my $overwrite = undef; + $overwrite->{KRB5_CONFIG} = $dcvars->{KRB5_CONFIG}; + my $cmd_env = $self->get_cmd_env_vars($env, $overwrite); + + # use samba-tool to create a backup from the 'backupfromdc' DC + my $cmd = ""; + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + + $cmd .= "$cmd_env $samba_tool domain backup $backup_cmd"; + $cmd .= " --targetdir=$backupdir"; + + print "Executing: $cmd\n"; + unless(system($cmd) == 0) { + warn("Failed to create backup using: \n$cmd"); + return undef; + } + + # get the name of the backup file created + opendir(DIR, $backupdir); + my @files = grep(/\.tar/, readdir(DIR)); + closedir(DIR); + + if(scalar @files != 1) { + warn("Backup file not found in directory $backupdir\n"); + return undef; + } + my $backup_file = "$backupdir/$files[0]"; + print "Using backup file $backup_file...\n"; + + return $backup_file; +} + +# Restores a backup-file to populate a testenv for a new DC +sub restore_backup_file +{ + my ($self, $backup_file, $restore_opts, $restoredir, $smbconf) = @_; + + # pass the restore command the testenv's smb.conf that we've already + # generated. But move it to a temp-dir first, so that the restore doesn't + # overwrite it + my $tmpdir = File::Temp->newdir(); + my $tmpconf = "$tmpdir/smb.conf"; + my $cmd = "cp $smbconf $tmpconf"; + unless(system($cmd) == 0) { + warn("Failed to backup smb.conf using: \n$cmd"); + return -1; + } + + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + $cmd = "$samba_tool domain backup restore --backup-file=$backup_file"; + $cmd .= " --targetdir=$restoredir $restore_opts --configfile=$tmpconf"; + + print "Executing: $cmd\n"; + unless(system($cmd) == 0) { + warn("Failed to restore backup using: \n$cmd"); + return -1; + } + + print "Restore complete\n"; + return 0 +} + +# sets up the initial directory and returns the new testenv's env info +# (without actually doing a 'domain join') +sub prepare_dc_testenv +{ + my ($self, $prefix, $dcname, $domain, $realm, + $password, $conf_options, $dnsupdate_options) = @_; + + my $ctx = $self->provision_raw_prepare($prefix, "domain controller", + $dcname, + $domain, + $realm, + undef, + "2008", + $password, + undef, + undef); + + # the restore uses a slightly different state-dir location to other testenvs + $ctx->{statedir} = "$ctx->{prefix_abs}/state"; + push(@{$ctx->{directories}}, "$ctx->{statedir}"); + + # add support for sysvol/netlogon/tmp shares + $ctx->{share} = "$ctx->{prefix_abs}/share"; + push(@{$ctx->{directories}}, "$ctx->{share}"); + push(@{$ctx->{directories}}, "$ctx->{share}/test1"); + + if (defined($dnsupdate_options)) { + $ctx->{samba_dnsupdate} .= $dnsupdate_options; + } + + $ctx->{smb_conf_extra_options} = " + $conf_options + max xmit = 32K + server max protocol = SMB2 + samba kcc command = /bin/true + xattr_tdb:file = $ctx->{statedir}/xattr.tdb + +[sysvol] + path = $ctx->{statedir}/sysvol + read only = no + +[netlogon] + path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts + read only = no + +[tmp] + path = $ctx->{share} + read only = no + posix:sharedelay = 10000 + posix:oplocktimeout = 3 + posix:writetimeupdatedelay = 50000 + +[test1] + path = $ctx->{share}/test1 + read only = no + posix:sharedelay = 100000 + posix:oplocktimeout = 3 + posix:writetimeupdatedelay = 500000 +"; + + my $env = $self->provision_raw_step1($ctx); + + return ($env, $ctx); +} + + +# Set up a DC testenv solely by using the samba-tool domain backup/restore +# commands. This proves that we can backup an online DC ('backupfromdc') and +# use the backup file to create a valid, working samba DC. +sub setup_restoredc +{ + # note: dcvars contains the env info for the dependent testenv ('backupfromdc') + my ($self, $prefix, $dcvars) = @_; + print "Preparing RESTORE DC...\n"; + + # we arbitrarily designate the restored DC as having SMBv1 disabled + my $extra_conf = " + server min protocol = SMB2 + client min protocol = SMB2 + prefork children = 1"; + my $dnsupdate_options = " --use-samba-tool --no-credentials"; + + my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "restoredc", + $dcvars->{DOMAIN}, + $dcvars->{REALM}, + $dcvars->{PASSWORD}, + $extra_conf, + $dnsupdate_options); + + # create a backup of the 'backupfromdc' + my $backupdir = File::Temp->newdir(); + my $server_args = $self->get_backup_server_args($dcvars); + my $backup_args = "online $server_args"; + my $backup_file = $self->create_backup($env, $dcvars, $backupdir, + $backup_args); + unless($backup_file) { + return undef; + } + + # restore the backup file to populate the restore-DC testenv + my $restore_dir = abs_path($prefix); + my $ret = $self->restore_backup_file($backup_file, + "--newservername=$env->{SERVER}", + $restore_dir, $env->{SERVERCONFFILE}); + unless ($ret == 0) { + return undef; + } + + # + # As we create a the same domain as a clone + # we need a separate resolv.conf! + # + $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf"; + $ctx->{dns_ipv4} = $ctx->{ipv4}; + $ctx->{dns_ipv6} = $ctx->{ipv6}; + Samba::mk_resolv_conf($ctx); + $env->{RESOLV_CONF} = $ctx->{resolv_conf}; + + # start samba for the restored DC + if (not defined($self->check_or_start($env))) { + return undef; + } + + return $env; +} + +# Set up a DC testenv solely by using the 'samba-tool domain backup rename' and +# restore commands. This proves that we can backup and rename an online DC +# ('backupfromdc') and use the backup file to create a valid, working samba DC. +sub setup_renamedc +{ + # note: dcvars contains the env info for the dependent testenv ('backupfromdc') + my ($self, $prefix, $dcvars) = @_; + print "Preparing RENAME DC...\n"; + my $extra_conf = "prefork children = 1"; + + my $realm = "renamedom.samba.example.com"; + my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "renamedc", + "RENAMEDOMAIN", $realm, + $dcvars->{PASSWORD}, $extra_conf); + + # create a backup of the 'backupfromdc' which renames the domain + my $backupdir = File::Temp->newdir(); + my $server_args = $self->get_backup_server_args($dcvars); + my $backup_args = "rename $env->{DOMAIN} $env->{REALM} $server_args"; + $backup_args .= " --backend-store=tdb"; + my $backup_file = $self->create_backup($env, $dcvars, $backupdir, + $backup_args); + unless($backup_file) { + return undef; + } + + # restore the backup file to populate the rename-DC testenv + my $restore_dir = abs_path($prefix); + my $restore_opts = "--newservername=$env->{SERVER} --host-ip=$env->{SERVER_IP}"; + my $ret = $self->restore_backup_file($backup_file, $restore_opts, + $restore_dir, $env->{SERVERCONFFILE}); + unless ($ret == 0) { + return undef; + } + + # start samba for the restored DC + if (not defined($self->check_or_start($env))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +# Set up a DC testenv solely by using the 'samba-tool domain backup offline' and +# restore commands. This proves that we do an offline backup of a local DC +# ('backupfromdc') and use the backup file to create a valid, working samba DC. +sub setup_offlinebackupdc +{ + # note: dcvars contains the env info for the dependent testenv ('backupfromdc') + my ($self, $prefix, $dcvars) = @_; + print "Preparing OFFLINE BACKUP DC...\n"; + my $extra_conf = "prefork children = 1"; + my $dnsupdate_options = " --use-samba-tool --no-credentials"; + + my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "offlinebackupdc", + $dcvars->{DOMAIN}, + $dcvars->{REALM}, + $dcvars->{PASSWORD}, + $extra_conf, + $dnsupdate_options); + + # create an offline backup of the 'backupfromdc' target + my $backupdir = File::Temp->newdir(); + my $cmd = "offline --configfile $dcvars->{SERVERCONFFILE}"; + my $backup_file = $self->create_backup($env, $dcvars, + $backupdir, $cmd); + + unless($backup_file) { + return undef; + } + + # restore the backup file to populate the rename-DC testenv + my $restore_dir = abs_path($prefix); + my $restore_opts = "--newservername=$env->{SERVER} --host-ip=$env->{SERVER_IP}"; + my $ret = $self->restore_backup_file($backup_file, $restore_opts, + $restore_dir, $env->{SERVERCONFFILE}); + unless ($ret == 0) { + return undef; + } + + # + # As we create a the same domain as a clone + # we need a separate resolv.conf! + # + $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf"; + $ctx->{dns_ipv4} = $ctx->{ipv4}; + $ctx->{dns_ipv6} = $ctx->{ipv6}; + Samba::mk_resolv_conf($ctx); + $env->{RESOLV_CONF} = $ctx->{resolv_conf}; + + # re-create the testenv's krb5.conf (the restore may have overwritten it) + Samba::mk_krb5_conf($ctx); + + # start samba for the restored DC + if (not defined($self->check_or_start($env))) { + return undef; + } + + return $env; +} + +# Set up a DC testenv solely by using the samba-tool 'domain backup rename' and +# restore commands, using the --no-secrets option. This proves that we can +# create a realistic lab environment from an online DC ('backupfromdc'). +sub setup_labdc +{ + # note: dcvars contains the env info for the dependent testenv ('backupfromdc') + my ($self, $prefix, $dcvars) = @_; + print "Preparing LAB-DOMAIN DC...\n"; + my $extra_conf = "prefork children = 1"; + + my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "labdc", + "LABDOMAIN", + "labdom.samba.example.com", + $dcvars->{PASSWORD}, $extra_conf); + + # create a backup of the 'backupfromdc' which renames the domain and uses + # the --no-secrets option to scrub any sensitive info + my $backupdir = File::Temp->newdir(); + my $server_args = $self->get_backup_server_args($dcvars); + my $backup_args = "rename $env->{DOMAIN} $env->{REALM} $server_args"; + $backup_args .= " --no-secrets --backend-store=mdb"; + my $backup_file = $self->create_backup($env, $dcvars, $backupdir, + $backup_args); + unless($backup_file) { + return undef; + } + + # restore the backup file to populate the lab-DC testenv + my $restore_dir = abs_path($prefix); + my $restore_opts = "--newservername=$env->{SERVER} --host-ip=$env->{SERVER_IP}"; + my $ret = $self->restore_backup_file($backup_file, $restore_opts, + $restore_dir, $env->{SERVERCONFFILE}); + unless ($ret == 0) { + return undef; + } + + # because we don't include any secrets in the backup, we need to reset the + # admin user's password back to what the testenv expects + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = "$samba_tool user setpassword $env->{USERNAME} "; + $cmd .= "--newpassword=$env->{PASSWORD} -H $restore_dir/private/sam.ldb"; + $cmd .= " $env->{CONFIGURATION}"; + + unless(system($cmd) == 0) { + warn("Failed to reset admin's password: \n$cmd"); + return undef; + } + + # start samba for the restored DC + if (not defined($self->check_or_start($env))) { + return undef; + } + + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +# Inspects a backup *.tar.bz2 file and determines the realm/domain it contains +sub get_backup_domain_realm +{ + my ($self, $backup_file) = @_; + + print "Determining REALM/DOMAIN values in backup...\n"; + + # The backup will have the correct domain/realm values in the smb.conf. + # So we can work out the env variables the testenv should use based on + # that. Let's start by extracting the smb.conf + my $tar = Archive::Tar->new($backup_file); + my $tmpdir = File::Temp->newdir(); + my $smbconf = "$tmpdir/smb.conf"; + + # note that the filepaths within the tar-file differ slightly for online + # and offline backups + if ($tar->contains_file("etc/smb.conf")) { + $tar->extract_file("etc/smb.conf", $smbconf); + } elsif ($tar->contains_file("./etc/smb.conf")) { + $tar->extract_file("./etc/smb.conf", $smbconf); + } else { + warn("Could not find smb.conf in $backup_file"); + return undef, undef; + } + + # make sure we don't try to create locks/sockets in the default install + # location (i.e. /usr/local/samba/) + my $options = "--option=\"private dir = $tmpdir\""; + $options .= " --option=\"lock dir = $tmpdir\""; + + # now use testparm to read the values we're interested in + my $testparm = Samba::bindir_path($self, "testparm"); + my $domain = `$testparm $smbconf -sl --parameter-name=WORKGROUP $options`; + my $realm = `$testparm $smbconf -sl --parameter-name=REALM $options`; + chomp $realm; + chomp $domain; + print "Backup-file REALM is $realm, DOMAIN is $domain\n"; + + return ($domain, $realm); +} + +# This spins up a custom testenv that can be based on any backup-file you want. +# This is just intended for manual testing (rather than automated test-cases) +sub setup_customdc +{ + my ($self, $prefix) = @_; + print "Preparing CUSTOM RESTORE DC...\n"; + my $dc_name = "customdc"; + my $password = "locDCpass1"; + my $backup_file = $ENV{'BACKUP_FILE'}; + my $dnsupdate_options = " --use-samba-tool --no-credentials"; + + # user must specify a backup file to restore via an ENV variable, i.e. + # BACKUP_FILE=backup-blah.tar.bz2 SELFTEST_TESTENV=customdc make testenv + if (not defined($backup_file)) { + warn("Please specify BACKUP_FILE"); + return undef; + } + + # work out the correct domain/realm env values from the backup-file + my ($domain, $realm) = $self->get_backup_domain_realm($backup_file); + if ($domain eq '' or $realm eq '') { + warn("Could not determine domain or realm"); + return undef; + } + + # create a placeholder directory and smb.conf, as well as the env vars. + my ($env, $ctx) = $self->prepare_dc_testenv($prefix, $dc_name, + $domain, $realm, $password, "", + $dnsupdate_options); + + # restore the specified backup file to populate the testenv + my $restore_dir = abs_path($prefix); + my $ret = $self->restore_backup_file($backup_file, + "--newservername=$env->{SERVER}", + $restore_dir, $env->{SERVERCONFFILE}); + unless ($ret == 0) { + return undef; + } + + # + # As we create a the same domain as a clone + # we need a separate resolv.conf! + # + $ctx->{resolv_conf} = "$ctx->{etcdir}/resolv.conf"; + $ctx->{dns_ipv4} = $ctx->{ipv4}; + $ctx->{dns_ipv6} = $ctx->{ipv6}; + Samba::mk_resolv_conf($ctx); + $env->{RESOLV_CONF} = $ctx->{resolv_conf}; + + # Change the admin password to the testenv default, just in case it's + # different, or in case this was a --no-secrets backup + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + my $cmd = "$samba_tool user setpassword $env->{USERNAME} "; + $cmd .= "--newpassword=$password -H $restore_dir/private/sam.ldb"; + $cmd .= " $env->{CONFIGURATION}"; + + unless(system($cmd) == 0) { + warn("Failed to reset admin's password: \n$cmd"); + return undef; + } + + # re-create the testenv's krb5.conf (the restore may have overwritten it, + # if the backup-file was an offline backup) + Samba::mk_krb5_conf($ctx); + + # start samba for the restored DC + if (not defined($self->check_or_start($env))) { + return undef; + } + + # if this was a backup-rename, then we may need to setup namespaces + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; + + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; + } + + return $env; +} + +sub setup_none +{ + my ($self, $path) = @_; + + my $ret = { + KRB5_CONFIG => abs_path($path) . "/no_krb5.conf", + SAMBA_PID => -1, + } +} + +1; diff --git a/selftest/target/dns_hub.py b/selftest/target/dns_hub.py new file mode 100755 index 0000000..993c56e --- /dev/null +++ b/selftest/target/dns_hub.py @@ -0,0 +1,250 @@ +#!/usr/bin/env python3 +# +# Unix SMB/CIFS implementation. +# Copyright (C) Volker Lendecke 2017 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Used by selftest to proxy DNS queries to the correct testenv DC. +# See selftest/target/README for more details. +# Based on the EchoServer example from python docs + +import threading +import sys +import select +import socket +import collections +import time +from samba.dcerpc import dns +import samba.ndr as ndr + +if sys.version_info[0] < 3: + import SocketServer + sserver = SocketServer +else: + import socketserver + sserver = socketserver + +DNS_REQUEST_TIMEOUT = 10 + +# make sure the script dies immediately when hitting control-C, +# rather than raising KeyboardInterrupt. As we do all database +# operations using transactions, this is safe. +import signal +signal.signal(signal.SIGINT, signal.SIG_DFL) + +class DnsHandler(sserver.BaseRequestHandler): + dns_qtype_strings = dict((v, k) for k, v in vars(dns).items() if k.startswith('DNS_QTYPE_')) + def dns_qtype_string(self, qtype): + "Return a readable qtype code" + return self.dns_qtype_strings[qtype] + + dns_rcode_strings = dict((v, k) for k, v in vars(dns).items() if k.startswith('DNS_RCODE_')) + def dns_rcode_string(self, rcode): + "Return a readable error code" + return self.dns_rcode_strings[rcode] + + def dns_transaction_udp(self, packet, host): + "send a DNS query and read the reply" + s = None + flags = socket.AddressInfo.AI_NUMERICHOST + flags |= socket.AddressInfo.AI_NUMERICSERV + flags |= socket.AddressInfo.AI_PASSIVE + addr_info = socket.getaddrinfo(host, int(53), + type=socket.SocketKind.SOCK_DGRAM, + flags=flags) + assert len(addr_info) == 1 + try: + send_packet = ndr.ndr_pack(packet) + s = socket.socket(addr_info[0][0], addr_info[0][1], 0) + s.settimeout(DNS_REQUEST_TIMEOUT) + s.connect(addr_info[0][4]) + s.sendall(send_packet, 0) + recv_packet = s.recv(2048, 0) + return ndr.ndr_unpack(dns.name_packet, recv_packet) + except socket.error as err: + print("Error sending to host %s for name %s: %s\n" % + (host, packet.questions[0].name, err.errno)) + raise + finally: + if s is not None: + s.close() + + def get_pdc_ipv4_addr(self, lookup_name): + """Maps a DNS realm to the IPv4 address of the PDC for that testenv""" + + realm_to_ip_mappings = self.server.realm_to_ip_mappings + + # sort the realms so we find the longest-match first + testenv_realms = sorted(realm_to_ip_mappings.keys(), key=len) + testenv_realms.reverse() + + for realm in testenv_realms: + if lookup_name.endswith(realm): + # return the corresponding IP address for this realm's PDC + return realm_to_ip_mappings[realm] + + return None + + def forwarder(self, name): + lname = name.lower() + + # check for special cases used by tests (e.g. dns_forwarder.py) + if lname.endswith('an-address-that-will-not-resolve'): + return 'ignore' + if lname.endswith('dsfsdfs'): + return 'fail' + if lname.endswith("torture1", 0, len(lname)-2): + # CATCH TORTURE100, TORTURE101, ... + return 'torture' + if lname.endswith('_none_.example.com'): + return 'torture' + if lname.endswith('torturedom.samba.example.com'): + return 'torture' + + # return the testenv PDC matching the realm being requested + return self.get_pdc_ipv4_addr(lname) + + def handle(self): + start = time.monotonic() + data, sock = self.request + query = ndr.ndr_unpack(dns.name_packet, data) + name = query.questions[0].name + forwarder = self.forwarder(name) + response = None + + if forwarder == 'ignore': + return + elif forwarder == 'fail': + pass + elif forwarder in ['torture', None]: + response = query + response.operation |= dns.DNS_FLAG_REPLY + response.operation |= dns.DNS_FLAG_RECURSION_AVAIL + response.operation |= dns.DNS_RCODE_NXDOMAIN + else: + try: + response = self.dns_transaction_udp(query, forwarder) + except OSError as err: + print("dns_hub: Error sending dns query to forwarder[%s] for name[%s]: %s" % + (forwarder, name, err)) + + if response is None: + response = query + response.operation |= dns.DNS_FLAG_REPLY + response.operation |= dns.DNS_FLAG_RECURSION_AVAIL + response.operation |= dns.DNS_RCODE_SERVFAIL + + send_packet = ndr.ndr_pack(response) + + end = time.monotonic() + tdiff = end - start + errcode = response.operation & dns.DNS_RCODE + if tdiff > (DNS_REQUEST_TIMEOUT/5): + debug = True + else: + debug = False + if debug: + print("dns_hub: forwarder[%s] client[%s] name[%s][%s] %s response.operation[0x%x] tdiff[%s]\n" % + (forwarder, self.client_address, name, + self.dns_qtype_string(query.questions[0].question_type), + self.dns_rcode_string(errcode), response.operation, tdiff)) + + try: + sock.sendto(send_packet, self.client_address) + except socket.error as err: + print("dns_hub: Error sending response to client[%s] for name[%s] tdiff[%s]: %s\n" % + (self.client_address, name, tdiff, err)) + + +class server_thread(threading.Thread): + def __init__(self, server, name): + threading.Thread.__init__(self, name=name) + self.server = server + + def run(self): + print("dns_hub[%s]: before serve_forever()" % self.name) + self.server.serve_forever() + print("dns_hub[%s]: after serve_forever()" % self.name) + + def stop(self): + print("dns_hub[%s]: before shutdown()" % self.name) + self.server.shutdown() + print("dns_hub[%s]: after shutdown()" % self.name) + +class UDPV4Server(sserver.UDPServer): + address_family = socket.AF_INET + +class UDPV6Server(sserver.UDPServer): + address_family = socket.AF_INET6 + +def main(): + if len(sys.argv) < 4: + print("Usage: dns_hub.py TIMEOUT LISTENADDRESS[,LISTENADDRESS,...] MAPPING[,MAPPING,...]") + sys.exit(1) + + timeout = int(sys.argv[1]) * 1000 + timeout = min(timeout, 2**31 - 1) # poll with 32-bit int can't take more + # we pass in the listen addresses as a comma-separated string. + listenaddresses = sys.argv[2].split(',') + # we pass in the realm-to-IP mappings as a comma-separated key=value + # string. Convert this back into a dictionary that the DnsHandler can use + realm_mappings = collections.OrderedDict(kv.split('=') for kv in sys.argv[3].split(',')) + + def prepare_server_thread(listenaddress, realm_mappings): + + flags = socket.AddressInfo.AI_NUMERICHOST + flags |= socket.AddressInfo.AI_NUMERICSERV + flags |= socket.AddressInfo.AI_PASSIVE + addr_info = socket.getaddrinfo(listenaddress, int(53), + type=socket.SocketKind.SOCK_DGRAM, + flags=flags) + assert len(addr_info) == 1 + if addr_info[0][0] == socket.AddressFamily.AF_INET6: + server = UDPV6Server(addr_info[0][4], DnsHandler) + else: + server = UDPV4Server(addr_info[0][4], DnsHandler) + + # we pass in the realm-to-IP mappings as a comma-separated key=value + # string. Convert this back into a dictionary that the DnsHandler can use + server.realm_to_ip_mappings = realm_mappings + t = server_thread(server, name="UDP[%s]" % listenaddress) + return t + + print("dns_hub will proxy DNS requests for the following realms:") + for realm, ip in realm_mappings.items(): + print(" {0} ==> {1}".format(realm, ip)) + + print("dns_hub will listen on the following UDP addresses:") + threads = [] + for listenaddress in listenaddresses: + print(" %s" % listenaddress) + t = prepare_server_thread(listenaddress, realm_mappings) + threads.append(t) + + for t in threads: + t.start() + p = select.poll() + stdin = sys.stdin.fileno() + p.register(stdin, select.POLLIN) + p.poll(timeout) + print("dns_hub: after poll()") + for t in threads: + t.stop() + for t in threads: + t.join() + print("dns_hub: before exit()") + sys.exit(0) + +main() diff --git a/selftest/tests.py b/selftest/tests.py new file mode 100644 index 0000000..58dffe4 --- /dev/null +++ b/selftest/tests.py @@ -0,0 +1,477 @@ +#!/usr/bin/python +# This script generates a list of testsuites that should be run as part of +# the Samba test suite. + +# The output of this script is parsed by selftest.pl, which then decides +# which of the tests to actually run. It will, for example, skip all tests +# listed in selftest/skip or only run a subset during "make quicktest". + +# The idea is that this script outputs all of the tests of Samba, not +# just those that are known to pass, and list those that should be skipped +# or are known to fail in selftest/skip or selftest/knownfail. This makes it +# very easy to see what functionality is still missing in Samba and makes +# it possible to run the testsuite against other servers, such as +# Windows that have a different set of features. + +# The syntax for a testsuite is "-- TEST --" on a single line, followed +# by the name of the test, the environment it needs and the command to run, all +# three separated by newlines. All other lines in the output are considered +# comments. + +import os, tempfile +from selftesthelpers import bindir, srcdir, python +from selftesthelpers import planpythontestsuite, samba4srcdir +from selftesthelpers import plantestsuite, bbdir +from selftesthelpers import configuration, valgrindify +from selftesthelpers import skiptestsuite + +try: + config_h = os.environ["CONFIG_H"] +except KeyError: + samba4bindir = bindir() + config_h = os.path.join(samba4bindir, "default/include/config.h") + +# check available features +config_hash = dict() +f = open(config_h, 'r') +try: + lines = f.readlines() + config_hash = dict((x[0], ' '.join(x[1:])) + for x in map(lambda line: line.strip().split(' ')[1:], + list(filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))) +finally: + f.close() + +have_man_pages_support = ("XSLTPROC_MANPAGES" in config_hash) +with_pam = ("WITH_PAM" in config_hash) +with_elasticsearch_backend = ("HAVE_SPOTLIGHT_BACKEND_ES" in config_hash) +pam_wrapper_so_path = config_hash.get("LIBPAM_WRAPPER_SO_PATH") +pam_set_items_so_path = config_hash.get("PAM_SET_ITEMS_SO_PATH") +have_heimdal_support = "SAMBA4_USES_HEIMDAL" in config_hash +using_system_gssapi = "USING_SYSTEM_GSSAPI" in config_hash + +planpythontestsuite("none", "samba.tests.source") +planpythontestsuite("none", "samba.tests.source_chars") + +if have_man_pages_support: + planpythontestsuite("none", "samba.tests.docs") + +try: + import testscenarios +except ImportError: + skiptestsuite("subunit", "testscenarios not available") +else: + planpythontestsuite("none", "subunit.tests.test_suite") +planpythontestsuite("none", "samba.tests.blackbox.ndrdump") +planpythontestsuite("none", "samba.tests.blackbox.check_output") +planpythontestsuite("none", "api", name="ldb.python", extra_path=['lib/ldb/tests/python']) +planpythontestsuite("none", "samba.tests.credentials") +planpythontestsuite("none", "samba.tests.registry") +planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth") +planpythontestsuite("none", "samba.tests.get_opt") +planpythontestsuite("none", "samba.tests.cred_opt") +planpythontestsuite("none", "samba.tests.security") +planpythontestsuite("none", "samba.tests.dcerpc.misc") +planpythontestsuite("none", "samba.tests.dcerpc.integer") +planpythontestsuite("none", "samba.tests.param") +planpythontestsuite("none", "samba.tests.upgrade") +planpythontestsuite("none", "samba.tests.core") +planpythontestsuite("none", "samba.tests.common") +planpythontestsuite("none", "samba.tests.provision") +planpythontestsuite("none", "samba.tests.password_quality") +planpythontestsuite("none", "samba.tests.strings") +planpythontestsuite("none", "samba.tests.netcmd") +planpythontestsuite("none", "samba.tests.dcerpc.rpc_talloc") +planpythontestsuite("none", "samba.tests.dcerpc.array") +planpythontestsuite("none", "samba.tests.dcerpc.string_tests") +planpythontestsuite("none", "samba.tests.hostconfig") +planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.messaging") +planpythontestsuite("none", "samba.tests.s3param") +planpythontestsuite("none", "samba.tests.s3passdb") +planpythontestsuite("none", "samba.tests.s3registry") +planpythontestsuite("none", "samba.tests.s3windb") +planpythontestsuite("none", "samba.tests.s3idmapdb") +planpythontestsuite("none", "samba.tests.samba3sam") +planpythontestsuite("none", "samba.tests.dsdb_api") +planpythontestsuite("none", "samba.tests.smbconf") +planpythontestsuite("none", "samba.tests.logfiles") +planpythontestsuite( + "none", "wafsamba.tests.test_suite", + extra_path=[os.path.join(samba4srcdir, "..", "buildtools"), + os.path.join(samba4srcdir, "..", "third_party", "waf")]) +planpythontestsuite("fileserver", "samba.tests.smbd_fuzztest") +planpythontestsuite("nt4_dc_smb1", "samba.tests.dcerpc.binding") +planpythontestsuite('ad_dc:local', "samba.tests.dcerpc.samr_change_password") +planpythontestsuite('ad_dc_fips:local', + "samba.tests.dcerpc.samr_change_password", + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + + +def cmdline(script, *args): + """ + Prefix PYTHON env var and append --configurefile option to abs script path. + + script.sh arg1 arg2 + --> + PYTHON=python /path/to/bbdir/script.sh arg1 arg2 \ + --configurefile $SMB_CONF_FILE + """ + return [ + "PYTHON=%s" % python, + os.path.join(bbdir, script), + ] + list(args) + [configuration] + + +plantestsuite( + "samba4.blackbox.demote-saveddb", "none", + cmdline('demote-saveddb.sh', '$PREFIX_ABS/demote')) + +plantestsuite( + "samba4.blackbox.dbcheck.alpha13", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'alpha13')) + +# same test as above but skip member link checks +plantestsuite( + "samba4.blackbox.dbcheck.alpha13.quick", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'alpha13', '--quick-membership-checks')) + +plantestsuite( + "samba4.blackbox.dbcheck.release-4-0-0", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-0-0')) + +# same test as above but skip member link checks +plantestsuite( + "samba4.blackbox.dbcheck.release-4-0-0.quick", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-0-0', '--quick-membership-checks')) + +plantestsuite( + "samba4.blackbox.dbcheck.release-4-1-0rc3", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-1-0rc3')) + +# same test as above but skip member link checks +plantestsuite( + "samba4.blackbox.dbcheck.release-4-1-0rc3.quick", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-1-0rc3', '--quick-membership-checks')) + +plantestsuite( + "samba4.blackbox.dbcheck.release-4-1-6-partial-object", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-1-6-partial-object')) + +# same test as above but skip member link checks +plantestsuite( + "samba4.blackbox.dbcheck.release-4-1-6-partial-object.quick", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-1-6-partial-object', '--quick-membership-checks')) + +plantestsuite( + "samba4.blackbox.dbcheck.release-4-5-0-pre1", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-5-0-pre1')) + +# same test as above but skip member link checks +plantestsuite( + "samba4.blackbox.dbcheck.release-4-5-0-pre1.quick", "none", + cmdline('dbcheck-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-5-0-pre1', '--quick-membership-checks')) + +plantestsuite( + "samba4.blackbox.upgradeprovision.alpha13", "none", + cmdline('upgradeprovision-oldrelease.sh', '$PREFIX_ABS/provision', + 'alpha13')) + +plantestsuite( + "samba4.blackbox.upgradeprovision.release-4-0-0", "none", + cmdline('upgradeprovision-oldrelease.sh', '$PREFIX_ABS/provision', + 'release-4-0-0')) + +plantestsuite( + "samba4.blackbox.tombstones-expunge.release-4-5-0-pre1", "none", + cmdline('tombstones-expunge.sh', '$PREFIX_ABS/provision', + 'release-4-5-0-pre1')) + +plantestsuite( + "samba4.blackbox.dbcheck-links.release-4-5-0-pre1", "none", + cmdline('dbcheck-links.sh', '$PREFIX_ABS/provision', + 'release-4-5-0-pre1')) + +plantestsuite( + "samba4.blackbox.runtime-links.release-4-5-0-pre1", "none", + cmdline('runtime-links.sh', '$PREFIX_ABS/provision', + 'release-4-5-0-pre1')) + +plantestsuite( + "samba4.blackbox.schemaupgrade", "none", + cmdline('schemaupgrade.sh', '$PREFIX_ABS/provision')) + +plantestsuite( + "samba4.blackbox.functionalprep", "none", + cmdline('functionalprep.sh', '$PREFIX_ABS/provision')) + +plantestsuite( + "samba4.blackbox.test_special_group", "none", + cmdline('test_special_group.sh', '$PREFIX_ABS/provision')) + +planpythontestsuite("none", "samba.tests.upgradeprovision") +planpythontestsuite("none", "samba.tests.xattr") +planpythontestsuite("none", "samba.tests.ntacls") +planpythontestsuite("none", "samba.tests.policy") +planpythontestsuite("none", "samba.tests.kcc.graph") +planpythontestsuite("none", "samba.tests.kcc.graph_utils") +planpythontestsuite("none", "samba.tests.kcc.ldif_import_export") +planpythontestsuite("none", "samba.tests.graph") +plantestsuite("wafsamba.duplicate_symbols", "none", [os.path.join(srcdir(), "buildtools/wafsamba/test_duplicate_symbol.sh")]) +planpythontestsuite("none", "samba.tests.glue") +planpythontestsuite("none", "samba.tests.tdb_util") +planpythontestsuite("none", "samba.tests.samdb") +planpythontestsuite("none", "samba.tests.samdb_api") +planpythontestsuite("none", "samba.tests.ndr") + +if with_pam: + env = "ad_member" + options = [ + { + "description": "krb5", + "pam_options": "krb5_auth krb5_ccache_type=FILE:%s/krb5cc_pam_test_%%u" % (tempfile.gettempdir()), + }, + { + "description": "default", + "pam_options": "", + }, + ] + for o in options: + description = o["description"] + pam_options = "'%s'" % o["pam_options"] + + plantestsuite("samba.tests.pam_winbind(local+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$SERVER", "$USERNAME", "$PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(domain1+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$DOMAIN", "$DC_USERNAME", "$DC_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(domain2+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$REALM", "$DC_USERNAME", "$DC_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(domain3+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "''", "${DC_USERNAME}@${DOMAIN}", "$DC_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(domain4+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "''", "${DC_USERNAME}@${REALM}", "$DC_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(domain5+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$REALM", "${DC_USERNAME}@${DOMAIN}", "$DC_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(domain6+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$DOMAIN", "${DC_USERNAME}@${REALM}", "$DC_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_f_both1+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$TRUST_F_BOTH_DOMAIN", + "$TRUST_F_BOTH_USERNAME", + "$TRUST_F_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_f_both2+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$TRUST_F_BOTH_REALM", + "$TRUST_F_BOTH_USERNAME", + "$TRUST_F_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_f_both3+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "''", + "${TRUST_F_BOTH_USERNAME}@${TRUST_F_BOTH_DOMAIN}", + "$TRUST_F_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_f_both4+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "''", + "${TRUST_F_BOTH_USERNAME}@${TRUST_F_BOTH_REALM}", + "$TRUST_F_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_f_both5+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "${TRUST_F_BOTH_REALM}", + "${TRUST_F_BOTH_USERNAME}@${TRUST_F_BOTH_DOMAIN}", + "$TRUST_F_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_f_both6+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "${TRUST_F_BOTH_DOMAIN}", + "${TRUST_F_BOTH_USERNAME}@${TRUST_F_BOTH_REALM}", + "$TRUST_F_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_e_both1+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$TRUST_E_BOTH_DOMAIN", + "$TRUST_E_BOTH_USERNAME", + "$TRUST_E_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_e_both2+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "$TRUST_E_BOTH_REALM", + "$TRUST_E_BOTH_USERNAME", + "$TRUST_E_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_e_both3+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "''", + "${TRUST_E_BOTH_USERNAME}@${TRUST_E_BOTH_DOMAIN}", + "$TRUST_E_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_e_both4+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "''", + "${TRUST_E_BOTH_USERNAME}@${TRUST_E_BOTH_REALM}", + "$TRUST_E_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_e_both5+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "${TRUST_E_BOTH_REALM}", + "${TRUST_E_BOTH_USERNAME}@${TRUST_E_BOTH_DOMAIN}", + "$TRUST_E_BOTH_PASSWORD", + pam_options]) + plantestsuite("samba.tests.pam_winbind(trust_e_both6+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind.sh"), + valgrindify(python), pam_wrapper_so_path, + "${TRUST_E_BOTH_DOMAIN}", + "${TRUST_E_BOTH_USERNAME}@${TRUST_E_BOTH_REALM}", + "$TRUST_E_BOTH_PASSWORD", + pam_options]) + + for authtok_options in ["", "use_authtok", "try_authtok"]: + _pam_options = "'%s %s'" % (o["pam_options"], authtok_options) + _description = "%s %s" % (description, authtok_options) + plantestsuite("samba.tests.pam_winbind_chauthtok(domain+%s)" % _description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_chauthtok.sh"), + valgrindify(python), pam_wrapper_so_path, pam_set_items_so_path, + "$DOMAIN", "TestPamOptionsUser", "oldp@ssword0", "newp@ssword0", + _pam_options, 'yes', + "$DC_SERVER", "$DC_USERNAME", "$DC_PASSWORD"]) + + plantestsuite("samba.tests.pam_winbind_warn_pwd_expire(domain+%s)" % description, env, + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_warn_pwd_expire.sh"), + valgrindify(python), pam_wrapper_so_path, + "$DOMAIN", "alice", "Secret007", + pam_options]) + + description = "krb5" + pam_options = "'krb5_auth krb5_ccache_type=FILE:%s/krb5cc_pam_test_setcred_%%u'" % (tempfile.gettempdir()) + plantestsuite("samba.tests.pam_winbind_setcred(domain+%s)" % description, "ad_dc:local", + [os.path.join(srcdir(), "python/samba/tests/test_pam_winbind_setcred.sh"), + valgrindify(python), pam_wrapper_so_path, + "${DOMAIN}", "${DC_USERNAME}", "${DC_PASSWORD}", + pam_options]) + + +plantestsuite("samba.unittests.krb5samba", "none", + [os.path.join(bindir(), "default/testsuite/unittests/test_krb5samba")]) +plantestsuite("samba.unittests.lib_util_modules", "none", + [os.path.join(bindir(), "default/testsuite/unittests/test_lib_util_modules")]) +plantestsuite("samba.unittests.background_send", + "none", + [os.path.join( + bindir(), + "default/testsuite/unittests/test_background_send"), + "$SMB_CONF_PATH"]) + +plantestsuite("samba.unittests.smb1cli_session", "none", + [os.path.join(bindir(), "default/libcli/smb/test_smb1cli_session")]) +plantestsuite("samba.unittests.smb_util_translate", "none", + [os.path.join(bindir(), "default/libcli/smb/test_util_translate")]) + +plantestsuite("samba.unittests.talloc_keep_secret", "none", + [os.path.join(bindir(), "default/lib/util/test_talloc_keep_secret")]) + +plantestsuite("samba.unittests.tldap", "none", + [os.path.join(bindir(), "default/source3/test_tldap")]) +plantestsuite("samba.unittests.rfc1738", "none", + [os.path.join(bindir(), "default/lib/util/test_rfc1738")]) +plantestsuite("samba.unittests.kerberos", "none", + [os.path.join(bindir(), "test_kerberos")]) +plantestsuite("samba.unittests.ms_fnmatch", "none", + [os.path.join(bindir(), "default/lib/util/test_ms_fnmatch")]) +plantestsuite("samba.unittests.byteorder", "none", + [os.path.join(bindir(), "default/lib/util/test_byteorder")]) +plantestsuite("samba.unittests.bytearray", "none", + [os.path.join(bindir(), "default/lib/util/test_bytearray")]) +plantestsuite("samba.unittests.byteorder_verify", "none", + [os.path.join(bindir(), "default/lib/util/test_byteorder_verify")]) +plantestsuite("samba.unittests.util_paths", "none", + [os.path.join(bindir(), "default/lib/util/test_util_paths")]) +plantestsuite("samba.unittests.util", "none", + [os.path.join(bindir(), "default/lib/util/test_util")]) +plantestsuite("samba.unittests.memcache", "none", + [os.path.join(bindir(), "default/lib/util/test_memcache")]) +plantestsuite("samba.unittests.sys_rw", "none", + [os.path.join(bindir(), "default/lib/util/test_sys_rw")]) +plantestsuite("samba.unittests.ntlm_check", "none", + [os.path.join(bindir(), "default/libcli/auth/test_ntlm_check")]) +plantestsuite("samba.unittests.gnutls", "none", + [os.path.join(bindir(), "default/libcli/auth/test_gnutls")]) +plantestsuite("samba.unittests.rc4_passwd_buffer", "none", + [os.path.join(bindir(), "default/libcli/auth/test_rc4_passwd_buffer")]) +plantestsuite("samba.unittests.schannel", "none", + [os.path.join(bindir(), "default/libcli/auth/test_schannel")]) +plantestsuite("samba.unittests.test_registry_regfio", "none", + [os.path.join(bindir(), "default/source3/test_registry_regfio")]) +plantestsuite("samba.unittests.test_oLschema2ldif", "none", + [os.path.join(bindir(), "default/source4/utils/oLschema2ldif/test_oLschema2ldif")]) +plantestsuite("samba.unittests.auth.sam", "none", + [os.path.join(bindir(), "test_auth_sam")]) +if have_heimdal_support and not using_system_gssapi: + plantestsuite("samba.unittests.auth.heimdal_gensec_unwrap_des", "none", + [valgrindify(os.path.join(bindir(), "test_heimdal_gensec_unwrap_des"))]) +if with_elasticsearch_backend: + plantestsuite("samba.unittests.mdsparser_es", "none", + [os.path.join(bindir(), "default/source3/test_mdsparser_es")] + [configuration]) + plantestsuite("samba.unittests.mdsparser_es_failures", "none", + [os.path.join(bindir(), "default/source3/test_mdsparser_es"), + " --option=elasticsearch:testmappingfailures=yes", + " --option=elasticsearch:ignoreunknownattribute=yes", + " --option=elasticsearch:ignoreunknowntype=yes"] + + [configuration]) +plantestsuite("samba.unittests.credentials", "none", + [os.path.join(bindir(), "default/auth/credentials/test_creds")]) +plantestsuite("samba.unittests.tsocket_bsd_addr", "none", + [os.path.join(bindir(), "default/lib/tsocket/test_tsocket_bsd_addr")]) +plantestsuite("samba.unittests.tsocket_tstream", "none", + [os.path.join(bindir(), "default/lib/tsocket/test_tstream")], + environ={'SOCKET_WRAPPER_DIR': ''}) +plantestsuite("samba.unittests.adouble", "none", + [os.path.join(bindir(), "test_adouble")]) +plantestsuite("samba.unittests.gnutls_aead_aes_256_cbc_hmac_sha512", "none", + [os.path.join(bindir(), "test_gnutls_aead_aes_256_cbc_hmac_sha512")]) +plantestsuite("samba.unittests.encode_decode", "none", + [os.path.join(bindir(), "test_encode_decode")]) diff --git a/selftest/todo_smb2_tests_to_port.list b/selftest/todo_smb2_tests_to_port.list new file mode 100644 index 0000000..dc1df96 --- /dev/null +++ b/selftest/todo_smb2_tests_to_port.list @@ -0,0 +1,404 @@ +# entries generated from the output of the following command(s) +# saved to a file and the results sorted +# +# python3 source3/selftest/tests.py | grep "^samba" \ +# | grep _smb1 | grep -v _done +# python3 source4/selftest/tests.py | grep "^samba" \ +# | grep _smb1 | grep -v _done +# python3 selftest/tests.py | grep "^samba" \ +# | grep _smb1 | grep -v _done +# +# Tests that are ported should be moved to approriate _smb1_done +# test environment and the entry removed from here +samba3.base.attr(ad_dc_smb1) +samba3.base.attr(nt4_dc_smb1) +samba3.base.chkpath(ad_dc_smb1) +samba3.base.chkpath(nt4_dc_smb1) +samba3.base.createx_access(ad_dc_smb1) +samba3.base.defer_open(ad_dc_smb1) +samba3.base.defer_open(nt4_dc_smb1) +samba3.base.delaywrite(fileserver_smb1) +samba3.base.delete(ad_dc_smb1) +samba3.base.delete(nt4_dc_smb1) +samba3.base.deny1(fileserver_smb1) +samba3.base.deny2(fileserver_smb1) +samba3.base.deny3(ad_dc_smb1) +samba3.base.deny3(nt4_dc_smb1) +samba3.base.denydos(ad_dc_smb1) +samba3.base.denydos(nt4_dc_smb1) +samba3.base.dir1(ad_dc_smb1) +samba3.base.dir1(nt4_dc_smb1) +samba3.base.dir2(ad_dc_smb1) +samba3.base.dir2(nt4_dc_smb1) +samba3.base.disconnect(ad_dc_smb1) +samba3.base.disconnect(nt4_dc_smb1) +samba3.base.fdpass(ad_dc_smb1) +samba3.base.fdpass(nt4_dc_smb1) +samba3.base.lock(nt4_dc_smb1) +samba3.base.negnowait(ad_dc_smb1) +samba3.base.negnowait(nt4_dc_smb1) +samba3.base.ntdeny1(ad_dc_smb1) +samba3.base.ntdeny1(nt4_dc_smb1) +samba3.base.ntdeny2(ad_dc_smb1) +samba3.base.ntdeny2(nt4_dc_smb1) +samba3.base.open(ad_dc_smb1) +samba3.base.openattr(ad_dc_smb1) +samba3.base.openattr(nt4_dc_smb1) +samba3.base.open(nt4_dc_smb1) +samba3.base.properties(ad_dc_smb1) +samba3.base.properties(nt4_dc_smb1) +samba3.base.rename(ad_dc_smb1) +samba3.base.rename(nt4_dc_smb1) +samba3.base.rw1(ad_dc_smb1) +samba3.base.rw1(nt4_dc_smb1) +samba3.base.samba3error(ad_dc_smb1) +samba3.base.samba3error(nt4_dc_smb1) +samba3.base.secleak(ad_dc_smb1) +samba3.base.secleak(nt4_dc_smb1) +samba3.base.tcondev(ad_dc_smb1) +samba3.base.tcondev(nt4_dc_smb1) +samba3.base.trans2(ad_dc_smb1) +samba3.base.trans2(nt4_dc_smb1) +samba3.base.unlink(ad_dc_smb1) +samba3.base.unlink(nt4_dc_smb1) +samba3.base.vuid(ad_dc_smb1) +samba3.base.vuid(nt4_dc_smb1) +samba3.base.xcopy(ad_dc_smb1) +samba3.base.xcopy(nt4_dc_smb1) +samba3.blackbox.smbclient_auth.plain..member_creds(nt4_dc_smb1) +samba3.blackbox.smbclient_auth.plain.(nt4_dc_smb1) +samba3.blackbox.smbclient_auth.plain.--option=clientntlmv2auth=no.member_creds(nt4_dc_smb1) +samba3.blackbox.smbclient_auth.plain.--option=clientntlmv2auth=no(nt4_dc_smb1) +samba3.blackbox.smbclient_auth.plain.--option=clientusespnego=no --option=clientntlmv2auth=no.member_creds(nt4_dc_smb1) +samba3.blackbox.smbclient_auth.plain.--option=clientusespnego=no --option=clientntlmv2auth=no -mNT1.member_creds(nt4_dc_smb1) +samba3.blackbox.smbclient_auth.plain.--option=clientusespnego=no --option=clientntlmv2auth=no -mNT1(nt4_dc_smb1) +samba3.blackbox.smbclient_auth.plain.--option=clientusespnego=no --option=clientntlmv2auth=no(nt4_dc_smb1) +samba3.blackbox.smbclient_basic.NT1(nt4_dc_smb1) +samba3.blackbox.smbspool(ad_dc_smb1) +samba3.nbt.dgram(nt4_dc_smb1) +samba3.rap.basic(ad_dc_smb1) +samba3.rap.basic(nt4_dc_smb1) +samba3.rap.rpc(ad_dc_smb1) +samba3.rap.rpc(nt4_dc_smb1) +samba3.rap.sam(ad_dc_smb1) +samba3.rap.sam(nt4_dc_smb1) +samba3.raw.acls(ad_dc_smb1) +samba3.raw.acls nfs4acl_xattr-nfs-40(nt4_dc_smb1) +samba3.raw.acls nfs4acl_xattr-nfs-41(nt4_dc_smb1) +samba3.raw.acls nfs4acl_xattr-simple-40(nt4_dc_smb1) +samba3.raw.acls nfs4acl_xattr-simple-41(nt4_dc_smb1) +samba3.raw.acls nfs4acl_xattr-special-40(nt4_dc_smb1) +samba3.raw.acls nfs4acl_xattr-xdr-40(nt4_dc_smb1) +samba3.raw.acls nfs4acl_xattr-xdr-41(nt4_dc_smb1) +samba3.raw.acls(nt4_dc_smb1) +samba3.raw.chkpath(ad_dc_smb1) +samba3.raw.chkpath(nt4_dc_smb1) +samba3.raw.close(ad_dc_smb1) +samba3.raw.close(nt4_dc_smb1) +samba3.raw.composite(ad_dc_smb1) +samba3.raw.composite(nt4_dc_smb1) +samba3.raw.eas(ad_dc_smb1) +samba3.raw.eas(nt4_dc_smb1) +samba3.raw.lock(nt4_dc_smb1) +samba3.raw.notify(nt4_dc_smb1) +samba3.raw.open(ad_dc_smb1) +samba3.raw.open(nt4_dc_smb1) +samba3.raw.oplock(nt4_dc_smb1) +samba3.raw.read(ad_dc_smb1) +samba3.raw.read aio(nt4_dc_smb1) +samba3.raw.read(nt4_dc_smb1) +samba3.raw.rename(ad_dc_smb1) +samba3.raw.rename(nt4_dc_smb1) +samba3.raw.samba3badnameblob(ad_dc_smb1) +samba3.raw.samba3badnameblob(nt4_dc_smb1) +samba3.raw.samba3badpath(ad_dc_smb1) +samba3.raw.samba3badpath(nt4_dc_smb1) +samba3.raw.samba3caseinsensitive(ad_dc_smb1) +samba3.raw.samba3caseinsensitive(nt4_dc_smb1) +samba3.raw.samba3checkfsp(ad_dc_smb1) +samba3.raw.samba3checkfsp(fileserver_smb1) +samba3.raw.samba3checkfsp(nt4_dc_smb1) +samba3.raw.samba3closeerr(ad_dc_smb1) +samba3.raw.samba3closeerr(fileserver_smb1) +samba3.raw.samba3closeerr(nt4_dc_smb1) +samba3.raw.samba3hide(ad_dc_smb1) +samba3.raw.samba3hide(fileserver_smb1) +samba3.raw.samba3hide(nt4_dc_smb1) +samba3.raw.samba3oplocklogoff(ad_dc_smb1) +samba3.raw.samba3oplocklogoff(nt4_dc_smb1) +samba3.raw.samba3posixtimedlock(ad_dc_smb1) +samba3.raw.samba3posixtimedlock brl_delay_inject1(nt4_dc_smb1) +samba3.raw.samba3posixtimedlock brl_delay_inject2(nt4_dc_smb1) +samba3.raw.samba3posixtimedlock(nt4_dc_smb1) +samba3.raw.samba3rootdirfid(ad_dc_smb1) +samba3.raw.samba3rootdirfid(nt4_dc_smb1) +samba3.raw.search(ad_dc_smb1) +samba3.raw.search(nt4_dc_smb1) +samba3.raw.seek(ad_dc_smb1) +samba3.raw.seek(nt4_dc_smb1) +samba3.raw.session enc(nt4_dc_smb1) +samba3.raw.session krb5(ad_dc_smb1) +samba3.raw.session ntlm(ad_dc_smb1) +samba3.raw.session plain(nt4_dc_smb1) +samba3.raw.sfileinfo.bug(ad_dc_smb1) +samba3.raw.sfileinfo.bug(nt4_dc_smb1) +samba3.raw.sfileinfo.end-of-file(ad_dc_smb1) +samba3.raw.sfileinfo.end-of-file(nt4_dc_smb1) +samba3.raw.sfileinfo.rename(ad_dc_smb1) +samba3.raw.sfileinfo.rename(nt4_dc_smb1) +samba3.raw.streams(ad_dc_smb1) +samba3.raw.streams(nt4_dc_smb1) +samba3.raw.unlink(ad_dc_smb1) +samba3.raw.unlink(nt4_dc_smb1) +samba3.raw.write(ad_dc_smb1) +samba3.raw.write(nt4_dc_smb1) +samba3.rpc.authcontext(ad_dc_smb1) +samba3.rpc.authcontext(nt4_dc_smb1) +samba3.rpc.join(ad_dc_smb1) +samba3.rpc.join(nt4_dc_smb1) +samba3.rpc.samba3.bind(ad_dc_smb1) +samba3.rpc.samba3.bind(nt4_dc_smb1) +samba3.rpc.samba3.getusername(ad_dc_smb1) +samba3.rpc.samba3.getusername(nt4_dc_smb1) +samba3.rpc.samba3.netlogon(ad_dc_smb1) +samba3.rpc.samba3.netlogon(nt4_dc_smb1) +samba3.rpc.samba3.sessionkey(ad_dc_smb1) +samba3.rpc.samba3.sessionkey(nt4_dc_smb1) +samba3.rpc.samba3.sharesec(ad_dc_smb1) +samba3.rpc.samba3.sharesec(nt4_dc_smb1) +samba3.rpc.samba3.smb1-pipe-name(ad_dc_smb1) +samba3.rpc.samba3.smb1-pipe-name(nt4_dc_smb1) +samba3.rpc.samba3.smb-reauth1(ad_dc_smb1) +samba3.rpc.samba3.smb-reauth1(nt4_dc_smb1) +samba3.rpc.samba3.smb-reauth2(ad_dc_smb1) +samba3.rpc.samba3.smb-reauth2(nt4_dc_smb1) +samba3.rpc.samba3.spoolss(ad_dc_smb1) +samba3.rpc.samba3.spoolss(nt4_dc_smb1) +samba3.rpc.samba3.wkssvc(ad_dc_smb1) +samba3.rpc.samba3.wkssvc(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.ATTR(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.BAD-NBT-SESSION(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.BROWSE(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CASE-INSENSITIVE-CREATE(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CHAIN1(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CHAIN2(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CHAIN3(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CHKPATH(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CLEANUP1(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CLEANUP2(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CLEANUP4(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.CLI_SPLICE(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.DELETE-LN(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.DELETE(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.DELETE-STREAM(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.DIR1(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.DIR-CREATETIME(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.DIR(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.FDPASS(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.FDSESS(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.IOCTL(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LARGE_READX(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK10(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK11(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK12(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK13(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK1(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK2(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK3(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK4(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK5(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK6(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK7(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK9A(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.LOCK9B(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.NTTRANS-FSCTL(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.OPEN(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.OPLOCK1(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.OPLOCK2(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.OPLOCK4(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.OWNER-RIGHTS(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.PIDHIGH(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.PROPERTIES(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.RENAME-ACCESS(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.RENAME(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.RW1(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.RW2(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.RW3(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.RW-SIGNING(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.SMB2-ANONYMOUS(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.SMB2-BASIC(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.SMB2-DIR-FSYNC(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.SMB2-FTRUNCATE(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.SMB2-NEGPROT(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.SMB2-PATH-SLASH(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.SMB2-SESSION-REAUTH(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.SMB2-SESSION-RECONNECT(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.STREAMERROR(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.TCON2(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.TCONDEV(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.TCON(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.TORTURE(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.TRANS2(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.UID-REGRESSION-TEST(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.UNLINK(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.W2K(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_client.XCOPY(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-ACL-OPLOCK(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-ACL-SHAREROOT(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-APPEND(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-BLOCKING-LOCK(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-MKDIR(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-OFD-LOCK(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-STREAM-DELETE(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-SYMLINK-ACL(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.POSIX-SYMLINK-EA(nt4_dc_smb1) +samba3.smbtorture_s3.crypt_server.TORTURE(nt4_dc_smb1) +samba3.smbtorture_s3.crypt.WINDOWS-BAD-SYMLINK(nt4_dc_smb1) +samba3.smbtorture_s3.hidenewfiles(fileserver_smb1)(fileserver_smb1) +samba3.smbtorture_s3.plain.ATTR(fileserver_smb1) +samba3.smbtorture_s3.plain.BAD-NBT-SESSION(fileserver_smb1) +samba3.smbtorture_s3.plain.BROWSE(fileserver_smb1) +samba3.smbtorture_s3.plain.CASE-INSENSITIVE-CREATE(fileserver_smb1) +samba3.smbtorture_s3.plain.CHAIN1(fileserver_smb1) +samba3.smbtorture_s3.plain.CHAIN2(fileserver_smb1) +samba3.smbtorture_s3.plain.CHAIN3(fileserver_smb1) +samba3.smbtorture_s3.plain.CHKPATH(fileserver_smb1) +samba3.smbtorture_s3.plain.CLEANUP1(fileserver_smb1) +samba3.smbtorture_s3.plain.CLEANUP2(fileserver_smb1) +samba3.smbtorture_s3.plain.CLEANUP4(fileserver_smb1) +samba3.smbtorture_s3.plain.CLI_SPLICE(fileserver_smb1) +samba3.smbtorture_s3.plain.DELETE(fileserver_smb1) +samba3.smbtorture_s3.plain.DELETE-LN(fileserver_smb1) +samba3.smbtorture_s3.plain.DELETE-STREAM(fileserver_smb1) +samba3.smbtorture_s3.plain.DIR1(fileserver_smb1) +samba3.smbtorture_s3.plain.DIR-CREATETIME(fileserver_smb1) +samba3.smbtorture_s3.plain.DIR(fileserver_smb1) +samba3.smbtorture_s3.plain.FDPASS(fileserver_smb1) +samba3.smbtorture_s3.plain.FDSESS(fileserver_smb1) +samba3.smbtorture_s3.plain.IOCTL(fileserver_smb1) +samba3.smbtorture_s3.plain.LARGE_READX(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK10(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK11(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK12(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK13(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK1(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK2(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK3(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK4(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK5(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK6(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK7(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK9A(fileserver_smb1) +samba3.smbtorture_s3.plain.LOCK9B(fileserver_smb1) +samba3.smbtorture_s3.plain.MANGLE-ILLEGAL(nt4_dc_smb1) +samba3.smbtorture_s3.plain.NTTRANS-FSCTL(fileserver_smb1) +samba3.smbtorture_s3.plain.OPEN(fileserver_smb1) +samba3.smbtorture_s3.plain.OPLOCK1(fileserver_smb1) +samba3.smbtorture_s3.plain.OPLOCK2(fileserver_smb1) +samba3.smbtorture_s3.plain.OPLOCK4(fileserver_smb1) +samba3.smbtorture_s3.plain.OPLOCK5(fileserver_smb1) +samba3.smbtorture_s3.plain.OWNER-RIGHTS(fileserver_smb1) +samba3.smbtorture_s3.plain.PIDHIGH(fileserver_smb1) +samba3.smbtorture_s3.plain.POSIX-ACL-OPLOCK(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX-ACL-SHAREROOT(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX-APPEND(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX-MKDIR(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX-OFD-LOCK(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX-STREAM-DELETE(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX-SYMLINK-ACL(nt4_dc_smb1) +samba3.smbtorture_s3.plain.POSIX-SYMLINK-EA(nt4_dc_smb1) +samba3.smbtorture_s3.plain.PROPERTIES(fileserver_smb1) +samba3.smbtorture_s3.plain.RENAME-ACCESS(nt4_dc_smb1) +samba3.smbtorture_s3.plain.RENAME(fileserver_smb1) +samba3.smbtorture_s3.plain.RW1(fileserver_smb1) +samba3.smbtorture_s3.plain.RW2(fileserver_smb1) +samba3.smbtorture_s3.plain.RW3(fileserver_smb1) +samba3.smbtorture_s3.plain.RW-SIGNING(fileserver_smb1) +samba3.smbtorture_s3.plain.STREAMERROR(fileserver_smb1) +samba3.smbtorture_s3.plain.TCON2(fileserver_smb1) +samba3.smbtorture_s3.plain.TCONDEV(fileserver_smb1) +samba3.smbtorture_s3.plain.TCON(fileserver_smb1) +samba3.smbtorture_s3.plain.TORTURE(fileserver_smb1) +samba3.smbtorture_s3.plain.TRANS2(fileserver_smb1) +samba3.smbtorture_s3.plain.UID-REGRESSION-TEST(fileserver_smb1) +samba3.smbtorture_s3.plain.UNLINK(fileserver_smb1) +samba3.smbtorture_s3.plain.W2K(fileserver_smb1) +samba3.smbtorture_s3.plain.WINDOWS-BAD-SYMLINK(nt4_dc_smb1) +samba3.smbtorture_s3.plain.XCOPY(fileserver_smb1) +samba3.smbtorture_s3.vfs_aio_fork(fileserver_smb1).RW1(fileserver_smb1) +samba3.smbtorture_s3.vfs_aio_fork(fileserver_smb1).RW2(fileserver_smb1) +samba3.smbtorture_s3.vfs_aio_fork(fileserver_smb1).RW3(fileserver_smb1) +samba3.smbtorture_s3.vfs_aio_pthread(fileserver_smb1).RW1(fileserver_smb1) +samba3.smbtorture_s3.vfs_aio_pthread(fileserver_smb1).RW2(fileserver_smb1) +samba3.smbtorture_s3.vfs_aio_pthread(fileserver_smb1).RW3(fileserver_smb1) +samba3.unix.info2(ad_dc_smb1) +samba3.unix.info2(nt4_dc_smb1) +samba3.unix.whoami(ad_dc_smb1) +samba3.unix.whoami anonymous connection(ad_dc_smb1) +samba3.unix.whoami anonymous connection(nt4_dc_smb1) +samba3.unix.whoami kerberos connection(ad_dc_smb1) +samba3.unix.whoami machine account(ad_dc_smb1:local) +samba3.unix.whoami(nt4_dc_smb1) +samba3.unix.whoami ntlm user@realm(ad_dc_smb1) +samba4.dfs.domain(ad_dc_smb1) +samba4.ldap.nested-search(ad_dc_default_smb1) +samba4.ldap.passwordsettings.python(ad_dc_default_smb1) +samba4.non_unix_ext.libsmbclient.configuration.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.initialize.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.list_shares.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.opendir.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.options.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.readdirplus2.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.readdirplus.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.readdirplus_seek.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.setConfiguration.NT1(nt4_dc_smb1) +samba4.non_unix_ext.libsmbclient.version.NT1(nt4_dc_smb1) +samba4.rpc.altercontext on ncacn_np with bigendian(ad_dc_default_smb1) +samba4.rpc.altercontext on ncacn_np with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.altercontext on ncalrpc with bigendian(ad_dc_default_smb1:local) +samba4.rpc.altercontext on ncalrpc with seal,padcheck(ad_dc_default_smb1:local) +samba4.rpc.authcontext with bigendian(ad_dc_smb1) +samba4.rpc.authcontext with seal,padcheck(ad_dc_smb1) +samba4.rpc.drsuapi on ncacn_ip_tcp with bigendian(ad_dc_default_smb1) +samba4.rpc.drsuapi on ncacn_ip_tcp with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.drsuapi_w2k8 on ncacn_ip_tcp with bigendian(ad_dc_default_smb1) +samba4.rpc.drsuapi_w2k8 on ncacn_ip_tcp with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.dssetup on ncacn_ip_tcp with bigendian(ad_dc_default_smb1) +samba4.rpc.dssetup on ncacn_ip_tcp with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.dssetup on ncacn_np with bigendian(ad_dc_default_smb1) +samba4.rpc.dssetup on ncacn_np with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.dssetup on ncalrpc with bigendian(ad_dc_default_smb1:local) +samba4.rpc.dssetup on ncalrpc with seal,padcheck(ad_dc_default_smb1:local) +samba4.rpc.join on ncacn_ip_tcp with bigendian(ad_dc_default_smb1) +samba4.rpc.join on ncacn_ip_tcp with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.join on ncacn_np with bigendian(ad_dc_default_smb1) +samba4.rpc.join on ncacn_np with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.join on ncalrpc with bigendian(ad_dc_default_smb1:local) +samba4.rpc.join on ncalrpc with seal,padcheck(ad_dc_default_smb1:local) +samba4.rpc.join with bigendian(ad_dc_smb1) +samba4.rpc.join with seal,padcheck(ad_dc_smb1) +samba4.rpc.lsa on ncacn_ip_tcp with bigendian(ad_dc_default_smb1) +samba4.rpc.lsa on ncacn_ip_tcp with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.lsa on ncacn_np with bigendian(ad_dc_default_smb1) +samba4.rpc.lsa on ncacn_np with seal,padcheck(ad_dc_default_smb1) +samba4.rpc.lsa on ncalrpc with bigendian(ad_dc_default_smb1:local) +samba4.rpc.lsa on ncalrpc with seal,padcheck(ad_dc_default_smb1:local) +samba4.smb.spnego.krb5.no_optimistic(ad_dc_smb1) +samba4.smb.spnego.ntlmssp.no_optimistic(ad_dc_smb1) +samba4.unix_ext.libsmbclient.configuration.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.initialize.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.list_shares.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.opendir.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.options.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.readdirplus2.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.readdirplus.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.readdirplus_seek.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.setConfiguration.NT1(nt4_dc_smb1) +samba4.unix_ext.libsmbclient.version.NT1(nt4_dc_smb1) +samba.tests.auth_log(ad_dc_smb1:local) +samba.tests.auth_log_pass_change(ad_dc_smb1) +samba.tests.libsmb(nt4_dc_smb1) +samba.tests.net_join_no_spnego(ad_dc_smb1) diff --git a/selftest/ubsan.supp b/selftest/ubsan.supp new file mode 100644 index 0000000..5b7730c --- /dev/null +++ b/selftest/ubsan.supp @@ -0,0 +1,6 @@ +# Suppress the +# "left shift of x by y places cannot be represented in type 'int'" +# in the heimdal code for now. +shift-base:../../third_party/heimdal/lib/hcrypto/des.c +shift-base:../../third_party/heimdal/lib/krb5/crypto.c + diff --git a/selftest/valgrind_run b/selftest/valgrind_run new file mode 100755 index 0000000..f06fa86 --- /dev/null +++ b/selftest/valgrind_run @@ -0,0 +1,13 @@ +#!/bin/sh + +ENV="$1" + +shift 1 + +CMD="$ENV valgrind --num-callers=30 +--trace-children=yes --log-file=valgrind.%p.log +${VALGRIND_OPT- --time-stamp=yes --track-fds=yes --read-var-info=yes --track-origins=yes --leak-check=yes} +$@" + +echo $CMD +eval $CMD diff --git a/selftest/wscript b/selftest/wscript new file mode 100644 index 0000000..a8b6d45 --- /dev/null +++ b/selftest/wscript @@ -0,0 +1,381 @@ +#!/usr/bin/env python +# vim: expandtab ft=python + +# selftest main code. + +import sys +import os +import optparse +from waflib import Scripting, Options, Utils +from waflib.ConfigSet import ConfigSet as Environment + +from samba_utils import * +from samba_autoconf import * +import types + +DEFAULT_SELFTEST_PREFIX="./st" + +def options(opt): + + opt.add_option('--enable-selftest', + help=("enable options necessary for selftest (default=no)"), + action="store_true", dest='enable_selftest', default=False) + opt.add_option('--with-selftest-prefix', + help=("specify location of selftest directory " + "(default=%s)" % DEFAULT_SELFTEST_PREFIX), + action="store", dest='SELFTEST_PREFIX', default=DEFAULT_SELFTEST_PREFIX) + + opt.ADD_COMMAND('test', cmd_test) + opt.ADD_COMMAND('testonly', cmd_testonly) + + gr = opt.add_option_group('test options') + + gr.add_option('--load-list', + help=("Load a test id list from a text file"), + action="store", dest='LOAD_LIST', default=None) + gr.add_option('--list', + help=("List available tests"), + action="store_true", dest='LIST', default=False) + gr.add_option('--tests', + help=("wildcard pattern of tests to run"), + action="store", dest='TESTS', default='') + gr.add_option('--filtered-subunit', + help=("output (xfail) filtered subunit"), + action="store_true", dest='FILTERED_SUBUNIT', default=False) + gr.add_option('--quick', + help=("enable only quick tests"), + action="store_true", dest='QUICKTEST', default=False) + gr.add_option('--slow', + help=("enable the really slow tests"), + action="store_true", dest='SLOWTEST', default=False) + gr.add_option('--nb-slowest', + help=("Show the n slowest tests (default=10)"), + type=int, default=10, dest='NB_SLOWEST') + gr.add_option('--testenv', + help=("start a terminal with the test environment setup"), + action="store_true", dest='TESTENV', default=False) + gr.add_option('--valgrind', + help=("use valgrind on client programs in the tests"), + action="store_true", dest='VALGRIND', default=False) + gr.add_option('--valgrind-log', + help=("where to put the valgrind log"), + action="store", dest='VALGRINDLOG', default=None) + gr.add_option('--valgrind-server', + help=("use valgrind on the server in the tests (opens an xterm)"), + action="store_true", dest='VALGRIND_SERVER', default=False) + gr.add_option('--screen', + help=("run the samba servers in screen sessions"), + action="store_true", dest='SCREEN', default=False) + gr.add_option('--gdbtest', + help=("run the servers within a gdb window"), + action="store_true", dest='GDBTEST', default=False) + gr.add_option('--fail-immediately', + help=("stop tests on first failure"), + action="store_true", dest='FAIL_IMMEDIATELY', default=False) + gr.add_option('--socket-wrapper-pcap', + help=("create a pcap file for each failing test"), + action="store_true", dest='SOCKET_WRAPPER_PCAP', default=False) + gr.add_option('--socket-wrapper-keep-pcap', + help=("create a pcap file for all individual test"), + action="store_true", dest='SOCKET_WRAPPER_KEEP_PCAP', default=False) + gr.add_option('--random-order', dest='RANDOM_ORDER', default=False, + action="store_true", help="Run testsuites in random order") + gr.add_option('--perf-test', dest='PERF_TEST', default=False, + action="store_true", help="run performance tests only") + gr.add_option('--test-list', dest='TEST_LIST', default='', + help=("use tests listed here, not defaults " + "(--test-list='FOO|' will execute FOO; " + "--test-list='FOO' will read it)")) + gr.add_option('--no-subunit-filter', + help=("no (xfail) subunit filtering"), + action="store_true", dest='NO_SUBUNIT_FILTER', default=False) + + +def configure(conf): + conf.env.SELFTEST_PREFIX = Options.options.SELFTEST_PREFIX + if Options.options.enable_selftest or Options.options.developer: + conf.DEFINE('ENABLE_SELFTEST', 1) + + +def cmd_testonly(opt): + '''run tests without doing a build first''' + env = LOAD_ENVIRONMENT() + opt.env = env + + if Options.options.SELFTEST_PREFIX != DEFAULT_SELFTEST_PREFIX: + env.SELFTEST_PREFIX = Options.options.SELFTEST_PREFIX + + if (not CONFIG_SET(opt, 'NSS_WRAPPER') or + not CONFIG_SET(opt, 'UID_WRAPPER') or + not CONFIG_SET(opt, 'SOCKET_WRAPPER')): + print("ERROR: You must use --enable-selftest to enable selftest") + sys.exit(1) + + os.environ['SAMBA_SELFTEST'] = '1' + + env.TESTS = Options.options.TESTS + + env.SUBUNIT_FORMATTER = os.getenv('SUBUNIT_FORMATTER') + + # Lots of test scripts need to run with the correct version + # of python. With the correct shebang the script should run with the + # correct version, the problem is that not all scripts are part + # of the installation, some scripts are part of the source code, + # and the shebang is not dynamically generated as yet. + # It is safer if we are somewhat version neutral at the moment and + # ignore the shebang and always run scripts from the test environment + # with the python version (determined by PYTHON env variable) If this + # env variable isn't set then set it according to the python version + # that is running the tests + if not os.getenv('PYTHON', None): + from sys import executable as exe + os.environ['PYTHON'] = os.path.basename(exe) + + if not env.SUBUNIT_FORMATTER: + if Options.options.PERF_TEST: + env.SUBUNIT_FORMATTER = '${PYTHON} -u ${srcdir}/selftest/format-subunit-json --prefix=${SELFTEST_PREFIX}' + else: + env.SUBUNIT_FORMATTER = '${PYTHON} -u ${srcdir}/selftest/format-subunit --prefix=${SELFTEST_PREFIX} --immediate' + env.FILTER_XFAIL = ('${PYTHON} -u ${srcdir}/selftest/filter-subunit ' + '--expected-failures=${srcdir}/selftest/knownfail ' + '--expected-failures=${srcdir}/selftest/knownfail.d ' + '--flapping=${srcdir}/selftest/flapping ' + '--flapping=${srcdir}/selftest/flapping.d') + + if Options.options.FAIL_IMMEDIATELY: + env.FILTER_XFAIL += ' --fail-immediately' + + env.FORMAT_TEST_OUTPUT = '${SUBUNIT_FORMATTER}' + + # clean any previous temporary files + os.system("rm -rf %s/tmp" % env.SELFTEST_PREFIX); + + # put all command line options in the environment as TESTENV_*=* + for o in dir(Options.options): + if o[0:1] != '_': + val = getattr(Options.options, o, '') + if not issubclass(type(val), types.FunctionType) \ + and not issubclass(type(val), types.MethodType): + os.environ['TESTENV_%s' % o.upper()] = str(getattr(Options.options, o, '')) + + env.OPTIONS = '' + if not Options.options.SLOWTEST: + env.OPTIONS += ' --exclude=${srcdir}/selftest/slow' + if Options.options.QUICKTEST: + env.OPTIONS += ' --quick --include=${srcdir}/selftest/quick' + if Options.options.LOAD_LIST: + env.OPTIONS += ' --load-list=%s' % Options.options.LOAD_LIST + if Options.options.TESTENV: + env.OPTIONS += ' --testenv' + if Options.options.SOCKET_WRAPPER_PCAP: + env.OPTIONS += ' --socket-wrapper-pcap' + if Options.options.SOCKET_WRAPPER_KEEP_PCAP: + env.OPTIONS += ' --socket-wrapper-keep-pcap' + if Options.options.RANDOM_ORDER: + env.OPTIONS += ' --random-order' + if Options.options.PERF_TEST: + env.FILTER_OPTIONS = ('${PYTHON} -u ${srcdir}/selftest/filter-subunit ' + '--perf-test-output') + else: + env.FILTER_OPTIONS = '${FILTER_XFAIL}' + + if Options.options.VALGRIND: + os.environ['VALGRIND'] = 'valgrind -q --num-callers=30' + if Options.options.VALGRINDLOG is not None: + os.environ['VALGRIND'] += ' --log-file=%s' % Options.options.VALGRINDLOG + + server_wrapper='' + + if Options.options.VALGRIND_SERVER: + server_wrapper = '${srcdir}/selftest/valgrind_run _DUMMY=X' + elif Options.options.GDBTEST: + server_wrapper = '${srcdir}/selftest/gdb_run _DUMMY=X' + + if Options.options.SCREEN: + server_wrapper = '${srcdir}/selftest/in_screen %s' % server_wrapper + os.environ['TERMINAL'] = EXPAND_VARIABLES(opt, '${srcdir}/selftest/in_screen') + elif server_wrapper != '': + server_wrapper = 'xterm -n server -l -e %s' % server_wrapper + + if server_wrapper != '': + os.environ['SAMBA_VALGRIND'] = EXPAND_VARIABLES(opt, server_wrapper) + os.environ['NMBD_VALGRIND'] = EXPAND_VARIABLES(opt, server_wrapper) + os.environ['WINBINDD_VALGRIND'] = EXPAND_VARIABLES(opt, server_wrapper) + os.environ['SMBD_VALGRIND'] = EXPAND_VARIABLES(opt, server_wrapper) + os.environ['SAMBA_DCERPCD_VALGRIND'] = EXPAND_VARIABLES(opt, server_wrapper) + + # this is needed for systems without rpath, or with rpath disabled + ADD_LD_LIBRARY_PATH('bin/shared') + ADD_LD_LIBRARY_PATH('bin/shared/private') + + # if we are using a system version of ldb then we need to tell it to + # load modules from our modules path + if env.USING_SYSTEM_LDB: + os.environ['LDB_MODULES_PATH'] = os.path.abspath( + os.path.join(*(env.cwd + ['bin/modules/ldb']))) + + # tell build system where to find config.h + os.environ['CONFIG_H'] = 'bin/default/include/config.h' + + # tell the test system where perl is + if isinstance(env.PERL, list): + perl = ' '.join(env.PERL) + else: + perl = env.PERL + os.environ['PERL'] = perl + + st_done = os.path.join(env.SELFTEST_PREFIX, 'st_done') + if os.path.exists(st_done): + os.unlink(st_done) + + if not os.path.isdir(env.SELFTEST_PREFIX): + os.makedirs(env.SELFTEST_PREFIX, int('755', 8)) + + if Options.options.TEST_LIST: + env.TESTLISTS = '--testlist=%r' % Options.options.TEST_LIST + elif Options.options.PERF_TEST: + env.TESTLISTS = '--testlist="${PYTHON} ${srcdir}/selftest/perf_tests.py|" ' + else: + env.TESTLISTS = ('--testlist="${PYTHON} ${srcdir}/selftest/tests.py|" ' + + '--testlist="${PYTHON} ${srcdir}/source3/selftest/tests.py|" ' + + '--testlist="${PYTHON} ${srcdir}/source4/selftest/tests.py|"') + + if CONFIG_SET(opt, 'AD_DC_BUILD_IS_ENABLED'): + env.SELFTEST_TARGET = "samba" + else: + env.SELFTEST_TARGET = "samba3" + + env.OPTIONS += " --nss_wrapper_so_path=" + CONFIG_GET(opt, 'LIBNSS_WRAPPER_SO_PATH') + env.OPTIONS += " --resolv_wrapper_so_path=" + CONFIG_GET(opt, 'LIBRESOLV_WRAPPER_SO_PATH') + env.OPTIONS += " --uid_wrapper_so_path=" + CONFIG_GET(opt, 'LIBUID_WRAPPER_SO_PATH') + + # selftest can optionally use kernel namespaces instead of socket-wrapper + if os.environ.get('USE_NAMESPACES') is None: + env.OPTIONS += " --socket_wrapper_so_path=" + CONFIG_GET(opt, 'LIBSOCKET_WRAPPER_SO_PATH') + + if not CONFIG_SET(opt, 'HAVE_RESOLV_CONF_SUPPORT'): + env.OPTIONS += " --use-dns-faking" + + if CONFIG_GET(opt, 'USING_SYSTEM_KRB5') and CONFIG_GET(opt, 'MIT_KDC_PATH'): + env.OPTIONS += " --mitkrb5 --exclude=${srcdir}/selftest/skip_mit_kdc" + if CONFIG_GET(opt, 'HAVE_MIT_KRB5_PRE_1_20'): + env.OPTIONS += " --mitkrb5 --exclude=${srcdir}/selftest/skip_mit_kdc_pre_1_20" + + env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\ + "knownfail_mit_kdc" + + if CONFIG_GET(opt, 'HAVE_MIT_KRB5_PRE_1_20'): + env.FILTER_XFAIL += ' --expected-failures=${srcdir}/selftest/knownfail_mit_kdc_pre_1_20' + + if CONFIG_GET(opt, 'HAVE_MIT_KRB5_1_20'): + env.FILTER_XFAIL += ' --expected-failures=${srcdir}/selftest/knownfail_mit_kdc_1_20' + else: + env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\ + "knownfail_heimdal_kdc" + + if not CONFIG_GET(opt, 'HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X'): + # older MIT krb5 libraries (< 1.14) don't have + # GSS_KRB5_CRED_NO_CI_FLAGS_X + env.OPTIONS += " --exclude=${srcdir}/selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X" + + if os.environ.get('DISABLE_OPATH'): + env.OPTIONS += " --exclude=${srcdir}/selftest/skip.opath-required" + + if env.ADDRESS_SANITIZER: + # We try to find the correct libasan automatically + libasan = Utils.cmd_output( + 'ldd bin/texpect | grep libasan| cut -f 3 -d \ ', + silent=True).strip() + libasan = libasan.decode('utf8') + + # Have the selftest.pl LD_PRELOAD libasan in the right spot + env.OPTIONS += " --asan_so_path=" + libasan + + subunit_cache = None + # We use the full path rather than relative path to avoid problems on some platforms (ie. solaris 8). + env.CORE_COMMAND = '${PERL} ${srcdir}/selftest/selftest.pl --target=${SELFTEST_TARGET} --prefix=${SELFTEST_PREFIX} --srcdir=${srcdir} --exclude=${srcdir}/selftest/skip ${TESTLISTS} ${OPTIONS} ${TESTS}' + + # If using namespaces (rather than socket-wrapper), run the selftest script + # in its own network namespace (by doing an 'unshare'). (To create a new + # namespace as a non-root user, we have to also unshare the current user + # namespace, and remap ourself as root in the namespace created) + if os.environ.get('USE_NAMESPACES') is not None: + env.CORE_COMMAND = 'unshare --net --user --map-root-user ' + env.CORE_COMMAND + + if env.ADDRESS_SANITIZER: + # For now we cannot run with leak and odr detection + no_leak_check = "ASAN_OPTIONS=detect_leaks=0:detect_odr_violation=0 " + # And we need to disable RTLD_DEEPBIND in ldb and socket wrapper + no_leak_check += "LDB_MODULES_DISABLE_DEEPBIND=1 " + no_leak_check += "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1" + env.CORE_COMMAND = no_leak_check + " " + env.CORE_COMMAND + + # We need to have the subunit filter and formatter preload + # libasan otherwise the tests fail at startup. + # + # Also, we do not care about leaks in python + + asan_envs = no_leak_check + " LD_PRELOAD=" + libasan + ' ' + env.FILTER_OPTIONS = asan_envs + env.FILTER_OPTIONS + env.SUBUNIT_FORMATTER = asan_envs + env.SUBUNIT_FORMATTER + + if env.UNDEFINED_SANITIZER: + # print a stack trace with the error. + print_stack_trace = "UBSAN_OPTIONS=print_stacktrace=1" + print_stack_trace += ",suppressions=${srcdir}/selftest/ubsan.supp" + env.CORE_COMMAND = print_stack_trace + " " + env.CORE_COMMAND + + if Options.options.LIST: + cmd = '${CORE_COMMAND} --list' + else: + env.OPTIONS += ' --socket-wrapper' + cmd = '(${CORE_COMMAND} && touch ${SELFTEST_PREFIX}/st_done) | ${FILTER_OPTIONS}' + + if Options.options.NO_SUBUNIT_FILTER: + # Skip subunit filtering (i.e. because python is disabled). + # Use --one to bail out upon any failure + cmd = '(${CORE_COMMAND} --one && touch ${SELFTEST_PREFIX}/st_done)' + elif not Options.options.FILTERED_SUBUNIT: + subunit_cache = os.path.join(env.SELFTEST_PREFIX, "subunit") + cmd += ' | tee %s | ${FORMAT_TEST_OUTPUT}' % subunit_cache + else: + cmd += ' | ${FILTER_OPTIONS}' + + runcmd = EXPAND_VARIABLES(opt, cmd) + + print("test: running %s" % runcmd) + ret = RUN_COMMAND(cmd, env=env) + + if (os.path.exists(".testrepository") and + not Options.options.LIST and + not Options.options.LOAD_LIST and + subunit_cache is not None): + testrcmd = 'testr load -q < %s > /dev/null' % subunit_cache + runcmd = EXPAND_VARIABLES(opt, testrcmd) + RUN_COMMAND(runcmd, env=env) + + if subunit_cache is not None: + nb = Options.options.NB_SLOWEST + cmd = "./script/show_testsuite_time %s %d" % (subunit_cache, nb) + runcmd = EXPAND_VARIABLES(opt, cmd) + RUN_COMMAND(runcmd, env=env) + + if ret != 0: + print("ERROR: test failed with exit code %d" % ret) + sys.exit(ret) + + if not Options.options.LIST and not os.path.exists(st_done): + print("ERROR: test command failed to complete") + sys.exit(1) + + +######################################################################## +# main test entry point +def cmd_test(opt): + '''Run the test suite (see test options below)''' + + # if running all tests, then force a symbol check + env = LOAD_ENVIRONMENT() + CHECK_MAKEFLAGS(env) + Options.commands.append('build') + Options.commands.append('testonly') |