diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
| commit | 8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch) | |
| tree | 4099e8021376c7d8c05bdf8503093d80e9c7bad0 /source4/selftest | |
| parent | Initial commit. (diff) | |
| download | samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip | |
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source4/selftest')
23 files changed, 4248 insertions, 0 deletions
diff --git a/source4/selftest/test_samba3dump.sh b/source4/selftest/test_samba3dump.sh new file mode 100755 index 0000000..f8dc850 --- /dev/null +++ b/source4/selftest/test_samba3dump.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# Verify that samba3dump completes. + +. testprogs/blackbox/subunit.sh + +subunit_start_test samba3dump + +SRCDIR=$(dirname $0)/../.. + +if $PYTHON $SRCDIR/source4/scripting/bin/samba3dump $SRCDIR/testdata/samba3; then + subunit_pass_test samba3dump +else + echo | subunit_fail_test samba3dump +fi diff --git a/source4/selftest/test_w2k3.sh b/source4/selftest/test_w2k3.sh new file mode 100755 index 0000000..c2767ce --- /dev/null +++ b/source4/selftest/test_w2k3.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +# tests that should pass against a w2k3 DC, as administrator + +# add tests to this list as they start passing, so we test +# that they stay passing +ncacn_np_tests="RPC-SCHANNEL RPC-DSSETUP RPC-EPMAPPER RPC-SAMR RPC-WKSSVC RPC-SRVSVC RPC-EVENTLOG RPC-NETLOGON RPC-LSA RPC-SAMLOGON RPC-SAMSYNC RPC-MULTIBIND RPC-WINREG RPC-SPOOLSS RPC-SPOOLSS-WIN" +ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-EPMAPPER RPC-SAMR RPC-NETLOGON RPC-LSA RPC-SAMLOGON RPC-SAMSYNC RPC-MULTIBIND" + +if [ $# -lt 4 ]; then + cat <<EOF +Usage: test_w2k3.sh SERVER USERNAME PASSWORD DOMAIN REALM +EOF + exit 1 +fi + +server="$1" +username="$2" +password="$3" +domain="$4" +realm="$5" +shift 5 + +incdir=$(dirname $0) +. $incdir/test_functions.sh + +OPTIONS="-U$username%$password -W $domain --option realm=$realm" + +name="RPC-SPOOLSS on ncacn_np" +testit "$name" rpc bin/smbtorture $TORTURE_OPTIONS ncacn_np:"$server" $OPTIONS RPC-SPOOLSS "$*" + +for bindoptions in padcheck connect sign seal ntlm,sign ntlm,seal $VALIDATE bigendian; do + for transport in ncacn_ip_tcp ncacn_np; do + case $transport in + ncacn_np) tests=$ncacn_np_tests ;; + ncacn_ip_tcp) tests=$ncacn_ip_tcp_tests ;; + esac + for t in $tests; do + name="$t on $transport with $bindoptions" + testit "$name" rpc bin/smbtorture $TORTURE_OPTIONS $transport:"${server}[${bindoptions}]" $OPTIONS $t "$*" + done + done +done + +name="RPC-DRSUAPI on ncacn_ip_tcp with seal" +testit "$name" rpc bin/smbtorture $TORTURE_OPTIONS ncacn_ip_tcp:"${server}[seal]" $OPTIONS RPC-DRSUAPI "$*" +name="RPC-DRSUAPI on ncacn_ip_tcp with seal,bigendian" +testit "$name" rpc bin/smbtorture $TORTURE_OPTIONS ncacn_ip_tcp:"${server}[seal,bigendian]" $OPTIONS RPC-DRSUAPI "$*" diff --git a/source4/selftest/test_w2k3_file.sh b/source4/selftest/test_w2k3_file.sh new file mode 100755 index 0000000..b2f8716 --- /dev/null +++ b/source4/selftest/test_w2k3_file.sh @@ -0,0 +1,44 @@ +#!/bin/sh + +# this runs the file serving tests that are expected to pass with win2003 + +if [ $# -lt 3 ]; then + cat <<EOF +Usage: test_w2k3_file.sh UNC USERNAME PASSWORD <first> <smbtorture args> +EOF + exit 1 +fi + +unc="$1" +username="$2" +password="$3" +start="$4" +shift 4 +ADDARGS="$*" + +incdir=$(dirname $0) +. $incdir/test_functions.sh + +tests="BASE-FDPASS BASE-LOCK " +tests="$tests BASE-UNLINK BASE-ATTR" +tests="$tests BASE-DIR1 BASE-DIR2 BASE-VUID" +tests="$tests BASE-TCON BASE-TCONDEV BASE-RW1" +tests="$tests BASE-DENY3 BASE-XCOPY BASE-OPEN BASE-DENYDOS" +tests="$tests BASE-DELETE BASE-PROPERTIES BASE-MANGLE" +tests="$tests BASE-CHKPATH BASE-SECLEAK BASE-TRANS2" +tests="$tests BASE-NTDENY1 BASE-NTDENY2 BASE-RENAME BASE-OPENATTR" +tests="$tests RAW-QFILEINFO RAW-SFILEINFO-BUG RAW-SFILEINFO-BASE" +tests="$tests RAW-LOCK RAW-MKDIR RAW-SEEK RAW-CONTEXT RAW-MUX RAW-OPEN RAW-WRITE" +tests="$tests RAW-UNLINK RAW-READ RAW-CLOSE RAW-IOCTL RAW-CHKPATH RAW-RENAME" +tests="$tests RAW-EAS RAW-STREAMS RAW-OPLOCK RAW-NOTIFY BASE-DELAYWRITE" +# slowest tests last +tests="$tests BASE-DENY1 BASE-DENY2" + +# these tests are known to fail against windows +fail="RAW-SEARCH RAW-ACLS RAW-QFSINFO" + +echo "Skipping tests expected to fail: $fail" + +for t in $tests; do + testit "$t" smb $VALGRIND bin/smbtorture $TORTURE_OPTIONS $ADDARGS $unc -U"$username"%"$password" $t +done diff --git a/source4/selftest/test_win.sh b/source4/selftest/test_win.sh new file mode 100755 index 0000000..bf6d2e1 --- /dev/null +++ b/source4/selftest/test_win.sh @@ -0,0 +1,42 @@ +#!/bin/sh + +# A shell script to connect to a windows host over telnet, +# setup for a smbtorture test, +# run the test, +# and remove the previously configured directory and share. +# Copyright Brad Henry <brad@samba.org> 2006 +# Released under the GNU GPL version 3 or later. + +. selftest/test_functions.sh + +export SMBTORTURE_REMOTE_HOST=$(perl -I$WINTEST_DIR $WINTEST_DIR/vm_get_ip.pl VM_CFG_PATH) +if [ -z $SMBTORTURE_REMOTE_HOST ]; then + # Restore snapshot to ensure VM is in a known state, then exit. + restore_snapshot "Test failed to get the IP address of the windows host." "$VM_CFG_PATH" + exit 1 +fi + +name="BASE against Windows 2003" +testit "$name" smb $WINTEST_DIR/wintest_base.sh $SMBTORTURE_REMOTE_HOST \ + $SMBTORTURE_USERNAME $SMBTORTURE_PASSWORD $SMBTORTURE_WORKGROUP + +name="RAW against Windows 2003" +testit "$name" smb $WINTEST_DIR/wintest_raw.sh $SMBTORTURE_REMOTE_HOST \ + $SMBTORTURE_USERNAME $SMBTORTURE_PASSWORD $SMBTORTURE_WORKGROUP + +name="RPC against Windows 2003" +testit "$name" smb $WINTEST_DIR/wintest_rpc.sh $SMBTORTURE_REMOTE_HOST \ + $SMBTORTURE_USERNAME $SMBTORTURE_PASSWORD $SMBTORTURE_WORKGROUP + +name="NET against Windows 2003" +testit "$name" smb $WINTEST_DIR/wintest_net.sh $SMBTORTURE_REMOTE_HOST \ + $SMBTORTURE_USERNAME $SMBTORTURE_PASSWORD $SMBTORTURE_WORKGROUP + +name="Windows 2003 against samba" +testit "$name" smb $WINTEST_DIR/wintest_client.sh $SMBTORTURE_REMOTE_HOST + +dc_tests="RPC-DRSUAPI ncacn_np ncacn_ip_tcp" +for name in $dc_tests; do + testit "$name against Windows 2003 DC" rpc $WINTEST_DIR/wintest_2k3_dc.sh \ + "$name" +done diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py new file mode 100755 index 0000000..d70d7d5 --- /dev/null +++ b/source4/selftest/tests.py @@ -0,0 +1,2182 @@ +#!/usr/bin/python +# This script generates a list of testsuites that should be run as part of +# the Samba 4 test suite. + +# The output of this script is parsed by selftest.pl, which then decides +# which of the tests to actually run. It will, for example, skip all tests +# listed in selftest/skip or only run a subset during "make quicktest". + +# The idea is that this script outputs all of the tests of Samba 4, not +# just those that are known to pass, and list those that should be skipped +# or are known to fail in selftest/skip or selftest/knownfail. This makes it +# very easy to see what functionality is still missing in Samba 4 and makes +# it possible to run the testsuite against other servers, such as Samba 3 or +# Windows that have a different set of features. + +# The syntax for a testsuite is "-- TEST --" on a single line, followed +# by the name of the test, the environment it needs and the command to run, all +# three separated by newlines. All other lines in the output are considered +# comments. + +import os +import sys +sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../selftest")) +import selftesthelpers +from selftesthelpers import bindir, srcdir, binpath, python +from selftesthelpers import configuration, plantestsuite +from selftesthelpers import planpythontestsuite, planperltestsuite +from selftesthelpers import plantestsuite_loadlist +from selftesthelpers import skiptestsuite, source4dir, valgrindify +from selftesthelpers import smbtorture4_options, smbtorture4_testsuites +from selftesthelpers import smbtorture4, samba3srcdir + + +print("OPTIONS %s" % " ".join(smbtorture4_options), file=sys.stderr) + + +def plansmbtorture4testsuite(name, env, options, modname=None, environ=None): + if environ is None: + environ = {} + + return selftesthelpers.plansmbtorture4testsuite(name, + env, + options, + target='samba4', + modname=modname, + environ=environ) + + +samba4srcdir = source4dir() +DSDB_PYTEST_DIR = os.path.join(samba4srcdir, "dsdb/tests/python/") +subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun") + + +def planoldpythontestsuite(env, module, name=None, extra_path=None, environ=None, extra_args=None): + if extra_path is None: + extra_path = [] + if environ is None: + environ = {} + if extra_args is None: + extra_args = [] + environ = dict(environ) + py_path = list(extra_path) + if py_path: + environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path) + args = ["%s=%s" % item for item in environ.items()] + args += [subunitrun, "$LISTOPT", "$LOADLIST", module] + args += extra_args + if name is None: + name = module + plantestsuite_loadlist(name, env, args) + + +samba4bindir = bindir() +validate = os.getenv("VALIDATE", "") +if validate: + validate_list = [validate] +else: + validate_list = [] + +nmblookup4 = binpath('nmblookup4') +smbclient4 = binpath('smbclient4') +smbclient3 = binpath('smbclient') + +bbdir = os.path.join(srcdir(), "testprogs/blackbox") + +# alias to highlight what tests we want to run against a DC with SMBv1 disabled +smbv1_disabled_testenv = "restoredc" + +all_fl_envs = ["fl2000dc", "fl2003dc", "fl2008dc", "fl2008r2dc"] + +# Simple tests for LDAP and CLDAP +for auth_type in ['', '-k no', '-k yes']: + for auth_level in ['--option=clientldapsaslwrapping=plain', '--client-protection=sign', '--client-protection=encrypt']: + creds = '-U"$USERNAME%$PASSWORD"' + options = creds + ' ' + auth_type + ' ' + auth_level + plantestsuite("samba4.ldb.ldap with options %r(ad_dc_default)" % options, "ad_dc_default", "%s/test_ldb.sh ldap $SERVER %s" % (bbdir, options)) + +# see if we support ADS on the Samba3 side +try: + config_h = os.environ["CONFIG_H"] +except KeyError: + config_h = os.path.join(samba4bindir, "default/include/config.h") + +# check available features +config_hash = dict() +f = open(config_h, 'r') +try: + lines = f.readlines() + config_hash = dict((x[0], ' '.join(x[1:])) + for x in map(lambda line: line.strip().split(' ')[1:], + list(filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))) +finally: + f.close() + +have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash) +have_gnutls_fips_mode_support = ("HAVE_GNUTLS_FIPS_MODE_SUPPORTED" in config_hash) +have_cluster_support = "CLUSTER_SUPPORT" in config_hash + +for options in ['-U"$USERNAME%$PASSWORD"']: + plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs", + "%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options)) + +creds_options = [ + '--simple-bind-dn=$USERNAME@$REALM --password=$PASSWORD', +] +peer_options = { + 'SERVER_IP': '$SERVER_IP', + 'SERVER_NAME': '$SERVER', + 'SERVER.REALM': '$SERVER.$REALM', +} +tls_verify_options = [ + '--option="tlsverifypeer=no_check"', + '--option="tlsverifypeer=ca_only"', + '--option="tlsverifypeer=ca_and_name_if_available"', + '--option="tlsverifypeer=ca_and_name"', + '--option="tlsverifypeer=as_strict_as_possible"', +] + +# we use :local for fl2008r2dc because of the self-signed certificate +for env in ["ad_dc_ntvfs", "fl2008r2dc:local"]: + for peer_key in peer_options.keys(): + peer_val = peer_options[peer_key] + for creds in creds_options: + for tls_verify in tls_verify_options: + options = creds + ' ' + tls_verify + plantestsuite("samba4.ldb.simple.ldaps with options %s %s(%s)" % ( + peer_key, options, env), env, + "%s/test_ldb_simple.sh ldaps %s %s" % (bbdir, peer_val, options)) + +# test all "ldap server require strong auth" combinations +for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]: + options = '--simple-bind-dn="$USERNAME@$REALM" --password="$PASSWORD"' + plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env), + env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options)) + options += ' --option="tlsverifypeer=no_check"' + plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env), + env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options)) + + auth_options = [ + '--option=clientldapsaslwrapping=plain', + '--client-protection=sign', + '--client-protection=encrypt', + '--use-kerberos=required --option=clientldapsaslwrapping=plain', + '--use-kerberos=required --client-protection=sign', + '--use-kerberos=required --client-protection=encrypt', + '--use-kerberos=disabled --option=clientldapsaslwrapping=plain', + '--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no', + '--use-kerberos=disabled --client-protection=sign', + '--use-kerberos=disabled --client-protection=encrypt', + ] + + for auth_option in auth_options: + options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option + plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env), + env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options)) + options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"' + plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env), + env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options)) + +envraw = "fl2008r2dc" +env = "%s:local" % envraw +plantestsuite("samba4.ldap_tls_reload(%s)" % (env), env, + "%s/test_ldap_tls_reload.sh $PREFIX_ABS $PREFIX_ABS/%s/private/tls $SERVER.$REALM" % (bbdir, envraw)) + +for options in ['-U"$USERNAME%$PASSWORD"']: + plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local", + "%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options)) + +for t in smbtorture4_testsuites("ldap."): + if t == "ldap.nested-search": + plansmbtorture4testsuite(t, "ad_dc_default_smb1", '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_') + elif t == "ldap.session-expiry": + # This requires kerberos and thus the server name + plansmbtorture4testsuite( + t, "ad_dc_default", '-U"$USERNAME%$PASSWORD" //$DC_SERVER/_none_') + else: + plansmbtorture4testsuite( + t, + "ad_dc_default", + '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_ -D "$USERNAME"@"$REALM"##"$PASSWORD"') + +for t in smbtorture4_testsuites("dsdb."): + plansmbtorture4testsuite(t, "ad_dc:local", "localhost") + +ldbdir = os.path.join(srcdir(), "lib/ldb") +# Don't run LDB tests when using system ldb, as we won't have ldbtest installed +if os.path.exists(os.path.join(samba4bindir, "ldbtest")): + plantestsuite("ldb.base", "none", "%s/tests/test-tdb-subunit.sh %s" % (ldbdir, samba4bindir)) +else: + skiptestsuite("ldb.base", "Using system LDB, ldbtest not available") + +plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)", + "ad_dc_ntvfs:local", + [python, os.path.join(DSDB_PYTEST_DIR, "attr_from_server.py"), + '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT']) + +# Tests for RPC + +# add tests to this list as they start passing, so we test +# that they stay passing +ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"] +ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"] +drs_rpc_tests = smbtorture4_testsuites("drs.rpc") +ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.drsuapi_w2k8", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests +slow_ncacn_np_tests = ["rpc.samlogon", + "rpc.samr", + "rpc.samr.users", + "rpc.samr.large-dc", + "rpc.samr.users.privileges", + "rpc.samr.passwords.default", + "rpc.samr.passwords.pwdlastset", + "rpc.samr.passwords.lockout", + "rpc.samr.passwords.badpwdcount"] +slow_ncacn_ip_tcp_tests = ["rpc.cracknames"] + +all_rpc_tests = ncalrpc_tests + ncacn_np_tests + ncacn_ip_tcp_tests + slow_ncacn_np_tests + slow_ncacn_ip_tcp_tests + ["rpc.lsa.secrets", "rpc.pac", "rpc.samba3-sharesec", "rpc.countcalls"] + +# Filter RPC tests that should not run against ad_dc_ntvfs +rpc_s3only = [ + "rpc.mdssvc", +] +rpc_fipsonly = [ + "rpc.fips.netlogon.crypto", +] +rpc_exclude = rpc_s3only + rpc_fipsonly +rpc_tests = [x for x in smbtorture4_testsuites("rpc.") if x not in rpc_exclude] +auto_rpc_tests = list(filter(lambda t: t not in all_rpc_tests, rpc_tests)) + +for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]: + for transport in ["ncalrpc", "ncacn_np", "ncacn_ip_tcp"]: + env = "ad_dc_default" + local = "" + if transport == "ncalrpc": + tests = ncalrpc_tests + local = ":local" + elif transport == "ncacn_np": + tests = ncacn_np_tests + elif transport == "ncacn_ip_tcp": + tests = ncacn_ip_tcp_tests + else: + raise AssertionError("invalid transport %r" % transport) + for t in tests: + if t == "rpc.netlogon": + env = "ad_dc_ntvfs" + elif t == "rpc.join": + env = "ad_dc_default_smb1" + plansmbtorture4testsuite(t, env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions)) + plansmbtorture4testsuite('rpc.samba3-sharesec', env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:share=tmp'], "samba4.rpc.samba3.sharesec on %s with %s" % (transport, bindoptions)) + +# Plugin S4 DC tests (confirms named pipe auth forwarding). This can be expanded once kerberos is supported in the plugin DC +# +for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]: + for t in ncacn_np_tests: + env = "ad_dc" + transport = "ncacn_np" + if t in ["rpc.authcontext", "rpc.join"]: + env = "ad_dc_smb1" + plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions)) + +for bindoptions in [""] + validate_list + ["bigendian"]: + for t in auto_rpc_tests: + env = "ad_dc_default" + if t in ["rpc.srvsvc", "rpc.mgmt"]: + env = "ad_dc_ntvfs" + elif t == "rpc.join": + env = "ad_dc_default_smb1" + plansmbtorture4testsuite(t, env, ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions)) + +t = "rpc.countcalls" +plansmbtorture4testsuite(t, "ad_dc_default:local", ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s" % t) + +for transport in ["ncacn_np", "ncacn_ip_tcp"]: + env = "ad_dc_slowtests" + if transport == "ncacn_np": + tests = slow_ncacn_np_tests + elif transport == "ncacn_ip_tcp": + tests = slow_ncacn_ip_tcp_tests + else: + raise AssertionError("Invalid transport %r" % transport) + for t in tests: + bindoptions = '' + if t == 'rpc.cracknames': + bindoptions = 'seal' + plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions)) + +# Tests for the DFS referral calls implementation +for t in smbtorture4_testsuites("dfs."): + plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD') + plansmbtorture4testsuite(t, "ad_dc_smb1", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD') + +# Tests for the NET API (net.api.become.dc tested below against all the roles) +net_tests = list(filter(lambda x: "net.api.become.dc" not in x, smbtorture4_testsuites("net."))) +for t in net_tests: + plansmbtorture4testsuite(t, "ad_dc_default", '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate) + +# Tests for session keys and encryption of RPC pipes +# FIXME: Integrate these into a single smbtorture test + +transport = "ncacn_np" +for env in ["ad_dc_default", "nt4_dc"]: + for ntlmoptions in [ + "-k no --option=clientusespnego=yes", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes", + "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no", + "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes", + "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no", + "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes", + "-k no --option=clientusespnego=no --option=clientntlmv2auth=yes", + "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes", + "-k no --option=clientusespnego=no"]: + name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions) + plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name) + plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient3, '$SMB_CONF_PATH', configuration]) + +gpo = smbtorture4_testsuites("gpo.") +for t in gpo: + plansmbtorture4testsuite(t, 'ad_dc:local', ['//$SERVER/sysvol', '-U$USERNAME%$PASSWORD']) + +transports = ["ncacn_np", "ncacn_ip_tcp"] + +# Kerberos varies between functional levels, so it is important to check this on all of them +for env in all_fl_envs: + transport = "ncacn_np" + plansmbtorture4testsuite('rpc.pac', env, ["%s:$SERVER[]" % (transport, ), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.pac on %s" % (transport,)) + plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME', 'rpc.lsa.secrets'], "samba4.rpc.lsa.secrets on %s with Kerberos" % (transport,)) + plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use target principal" % (transport,)) + plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=dcom/$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dcom" % (transport,)) + plansmbtorture4testsuite('rpc.lsa.secrets', env, [r"%s:$SERVER[target_principal=$NETBIOSNAME\$]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dollar" % (transport,)) + plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal" % (transport,)) + plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login" % transport) + plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME', '--option=gensec_krb5:send_authenticator_checksum=false'], "samba4.rpc.lsa.secrets on %s with Kerberos - use raw-krb5-no-authenticator-checksum style login" % transport) + plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:fake_gssapi_krb5=yes', '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login, use target principal" % transport) + + # Winreg tests test bulk Kerberos encryption of DCE/RPC + # We test rpc.winreg here too, because the winreg interface if + # handled by the source3/rpc_server code. + for bindoptions in ["connect", "packet", "krb5", "krb5,packet", "krb5,sign", "krb5,seal", "spnego", "spnego,packet", "spnego,sign", "spnego,seal"]: + plansmbtorture4testsuite('rpc.winreg', env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.winreg on %s with %s" % (transport, bindoptions)) + + for transport in transports: + plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[]" % (transport,), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s" % (transport, )) + + # Echo tests test bulk Kerberos encryption of DCE/RPC + for bindoptions in ["connect", "krb5", "krb5,sign", "krb5,seal", "spnego", "spnego,sign", "spnego,seal"] + validate_list + ["padcheck", "bigendian", "bigendian,seal"]: + echooptions = "--option=socket:testnonblock=True --option=torture:quick=yes -k yes" + plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), echooptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, echooptions)) + +for env in ["fl2000dc", "fl2008r2dc"]: + plansmbtorture4testsuite("net.api.become.dc", env, '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate) + +for bindoptions in ["sign", "seal"]: + plansmbtorture4testsuite('rpc.backupkey', "ad_dc_default", ["ncacn_np:$SERVER[%s]" % (bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.backupkey with %s" % (bindoptions)) + +for transport in transports: + for bindoptions in ["sign", "seal"]: + for ntlmoptions in [ + "--option=ntlmssp_client:ntlm2=yes --option=torture:quick=yes", + "--option=ntlmssp_client:ntlm2=no --option=torture:quick=yes", + "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no --option=torture:quick=yes", + "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no --option=torture:quick=yes", + "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes", + "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes", + "--option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes", + "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes --option=torture:quick=yes", + "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes"]: + if transport == "ncalrpc": + env = "ad_dc_default:local" + else: + env = "ad_dc_default" + plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, ntlmoptions)) + +plansmbtorture4testsuite('rpc.echo', "ad_dc_default", ['ncacn_np:$SERVER[smb2]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on ncacn_np over smb2") +for env in ["ad_dc", "nt4_dc"]: + plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_np:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_np with object") + plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_ip_tcp:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_ip_tcp with object") + +plansmbtorture4testsuite('ntp.signd', "ad_dc_default:local", ['ncacn_np:$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.ntp.signd") + +nbt_tests = smbtorture4_testsuites("nbt.") +for t in nbt_tests: + plansmbtorture4testsuite(t, "ad_dc_ntvfs", "//$SERVER/_none_ -U\"$USERNAME%$PASSWORD\"") + +# Tests against the NTVFS POSIX backend +ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"] + +# Filter smb2 tests that should not run against ad_dc_ntvfs +smb2_s3only = [ + "smb2.change_notify_disabled", + "smb2.dosmode", + "smb2.credits", + "smb2.kernel-oplocks", + "smb2.durable-v2-delay", + "smb2.aio_delay", + "smb2.fileid", + "smb2.timestamps", + "smb2.async_dosmode", + "smb2.twrp", + "smb2.ea", + "smb2.create_no_streams", +] +smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only] + +# The QFILEINFO-IPC test needs to be on ipc$ +raw = list(filter(lambda x: "raw.qfileinfo.ipc" not in x, smbtorture4_testsuites("raw."))) +base = smbtorture4_testsuites("base.") + +netapi = smbtorture4_testsuites("netapi.") + +for t in base + raw + smb2 + netapi: + plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$SERVER/tmp', '-U$USERNAME%$PASSWORD'] + ntvfsargs) + +libsmbclient = smbtorture4_testsuites("libsmbclient.") +protocols = [ 'NT1', 'SMB3' ] +for t in libsmbclient: + url = "smb://$USERNAME:$PASSWORD@$SERVER/tmp" + if t == "libsmbclient.list_shares": + url = "smb://$USERNAME:$PASSWORD@$SERVER" + if t == "libsmbclient.utimes": + url += "/utimes.txt" + + libsmbclient_testargs = [ + '//$SERVER/tmp', + '-U$USERNAME%$PASSWORD', + "--option=torture:smburl=" + url, + "--option=torture:replace_smbconf=" + "%s/testdata/samba3/smb_new.conf" % srcdir() + ] + + for proto in protocols: + plansmbtorture4testsuite( + t, + "nt4_dc" if proto == "SMB3" else "nt4_dc_smb1_done", + libsmbclient_testargs + + [ "--option=torture:clientprotocol=%s" % proto], + "samba4.%s.%s" % (t, proto)) + +url = "smb://baduser:invalidpw@$SERVER/tmpguest" +t = "libsmbclient.noanon_list" +libsmbclient_testargs = [ + '//$SERVER/tmpguest', + '-U$USERNAME%$PASSWORD', + "--option=torture:smburl=" + url, + "--option=torture:replace_smbconf=" + "%s/testdata/samba3/smb_new.conf" % srcdir() + ] +for proto in protocols: + plansmbtorture4testsuite(t, + "maptoguest", + libsmbclient_testargs + + [ "--option=torture:clientprotocol=%s" % proto], + "samba4.%s.baduser.%s" % (t, proto)) + +plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD') + +for t in smbtorture4_testsuites("rap."): + plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/IPC\$ -U$USERNAME%$PASSWORD') + +# Tests against the NTVFS CIFS backend +for t in base + raw: + plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=yes'] + ntvfsargs, modname="samba4.ntvfs.cifs.krb5.%s" % t) + +# Test NTVFS CIFS backend with S4U2Self and S4U2Proxy +t = "base.unlink" +plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t) +plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=yes'] + ntvfsargs, "samba4.ntvfs.cifs.krb5.%s" % t) +plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t) + +plansmbtorture4testsuite('echo.udp', 'ad_dc_ntvfs:local', '//$SERVER/whatever') + +# Local tests +for t in smbtorture4_testsuites("local."): + # The local.resolve test needs a name to look up using real system (not emulated) name routines + plansmbtorture4testsuite(t, "none", "ncalrpc:localhost") + +# Confirm these tests with the system iconv too +for t in ["local.convert_string_handle", "local.convert_string", "local.ndr"]: + options = "ncalrpc: --option='iconv:use_builtin_handlers=false'" + plansmbtorture4testsuite(t, "none", options, + modname="samba4.%s.system.iconv" % t) + +tdbtorture4 = binpath("tdbtorture") +if os.path.exists(tdbtorture4): + plantestsuite("tdb.stress", "none", valgrindify(tdbtorture4)) +else: + skiptestsuite("tdb.stress", "Using system TDB, tdbtorture not available") + +plansmbtorture4testsuite("drs.unit", "none", "ncalrpc:") + +# Pidl tests +for f in sorted(os.listdir(os.path.join(samba4srcdir, "../pidl/tests"))): + if f.endswith(".pl"): + planperltestsuite("pidl.%s" % f[:-3], os.path.normpath(os.path.join(samba4srcdir, "../pidl/tests", f))) + +# DNS tests +plantestsuite_loadlist("samba.tests.dns", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba.tests.dns", "rodc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba.tests.dns", "vampire_dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba.tests.dns_aging", "fl2003dc:local", + [python, + f"{srcdir()}/python/samba/tests/dns_aging.py", + '$SERVER', + '$SERVER_IP', + '--machine-pass', + '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns_forwarder.py"), '$SERVER', '$SERVER_IP', '$DNS_FORWARDER1', '$DNS_FORWARDER2', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba.tests.dns_packet", + "ad_dc", + [python, + '-msamba.subunit.run', + '$LOADLIST', + "$LISTOPT" + "samba.tests.dns_packet" + ]) + +plantestsuite_loadlist("samba.tests.sddl", + "none", + [python, + '-msamba.subunit.run', + '$LOADLIST', + "$LISTOPT" + "samba.tests.sddl" + ]) + +plantestsuite_loadlist("samba.tests.sddl_conditional_ace", + "none", + [python, + '-msamba.subunit.run', + '$LOADLIST', + "$LISTOPT" + "samba.tests.sddl_conditional_ace" + ]) + +for t in smbtorture4_testsuites("dns_internal."): + plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever') + +# Local tests +for t in smbtorture4_testsuites("dlz_bind9."): + # The dlz_bind9 tests needs to look at the DNS database + plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD']) + +planpythontestsuite("fileserver_smb1", "samba.tests.libsmb-basic") + +planpythontestsuite("ad_member", "samba.tests.smb-notify", + environ={'USERNAME':'$DC_USERNAME', + 'PASSWORD':'$DC_PASSWORD', + 'USERNAME_UNPRIV':'alice', + 'PASSWORD_UNPRIV':'Secret007', + 'STRICT_CHECKING':'0', + 'NOTIFY_SHARE':'notify_priv'}) + +# Blackbox Tests: +# tests that interact directly with the command-line tools rather than using +# the API. These mainly test that the various command-line options of commands +# work correctly. + +# smbtorture --fullname parameter test +plantestsuite("samba4.blackbox.smbtorture_subunit_names", "none", + [ + os.path.join(bbdir, "test_smbtorture_test_names.sh"), + smbtorture4 + ]) + +for env in ["ad_member", "ad_dc_ntvfs", "chgdcpass"]: + plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4]) + +plantestsuite("samba4.blackbox.samba_tool(ad_dc_default:local)", "ad_dc_default:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient3]) +plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN']) + +plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS']) + +plantestsuite("samba4.blackbox.test_alias_membership", "ad_member_idmap_rid:local", [os.path.join(bbdir, "test_alias_membership.sh"), '$PREFIX_ABS']) + +plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS']) + +planpythontestsuite("ad_dc_default", "samba.tests.blackbox.claims") + +if have_heimdal_support: + plantestsuite("samba4.blackbox.kpasswd", + "ad_dc:local", + [ + os.path.join(bbdir, "test_kpasswd_heimdal.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + "$PREFIX", + configuration + ]) + plantestsuite("samba4.blackbox.krb5.s4u", + "fl2008r2dc:local", + [ + os.path.join(bbdir, "test_s4u_heimdal.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$TRUST_SERVER', + '$TRUST_USERNAME', + '$TRUST_PASSWORD', + '$TRUST_REALM', + '$TRUST_DOMAIN', + '$PREFIX', + configuration + ]) +else: + plantestsuite("samba4.blackbox.kpasswd", + "ad_dc:local", + [ + os.path.join(bbdir, "test_kpasswd_mit.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + "$PREFIX", + configuration + ]) + +plantestsuite("samba4.blackbox.kinit_simple", + "ad_dc:local", + [ + os.path.join(bbdir, "test_kinit.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$PREFIX', + smbclient3, + configuration + ]) +plantestsuite("samba4.blackbox.kinit_simple", + "fl2000dc:local", + [ + os.path.join(bbdir, "test_kinit.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$PREFIX', + smbclient3, + configuration + ]) +plantestsuite("samba4.blackbox.kinit_simple", + "fl2008r2dc:local", + [ + os.path.join(bbdir, "test_kinit.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$PREFIX', + smbclient3, + configuration + ]) + + +plantestsuite("samba4.blackbox.kinit_trust", + "fl2008r2dc:local", + [ + os.path.join(bbdir, "test_kinit_trusts.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$TRUST_SERVER', + '$TRUST_USERNAME', + '$TRUST_PASSWORD', + '$TRUST_REALM', + '$TRUST_DOMAIN', + '$PREFIX', + "forest", + configuration + ]) +plantestsuite("samba4.blackbox.kinit_trust", + "fl2003dc:local", + [ + os.path.join(bbdir, "test_kinit_trusts.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$TRUST_SERVER', + '$TRUST_USERNAME', + '$TRUST_PASSWORD', + '$TRUST_REALM', + '$TRUST_DOMAIN', + '$PREFIX', + "external", + configuration + ]) +plantestsuite("samba4.blackbox.kinit_trust", + "fl2000dc:local", + [ + os.path.join(bbdir, "test_kinit_trusts.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$TRUST_SERVER', + '$TRUST_USERNAME', + '$TRUST_PASSWORD', + '$TRUST_REALM', + '$TRUST_DOMAIN', + '$PREFIX', + "external", + configuration + ]) + +plantestsuite("samba4.blackbox.kinit.export.keytab", + "ad_dc:local", + [ + os.path.join(bbdir, "test_kinit_export_keytab.sh"), + '$SERVER', + '$USERNAME', + '$REALM', + '$DOMAIN', + "$PREFIX", + smbclient3, + configuration + ]) + +plantestsuite("samba4.blackbox.pkinit_simple", + "ad_dc:local", + [os.path.join(bbdir, "test_pkinit_simple.sh"), + '$SERVER', + 'pkinit', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$PREFIX/ad_dc', + smbclient3, + configuration]) +plantestsuite("samba4.blackbox.pkinit_pac", + "ad_dc:local", + [os.path.join(bbdir, "test_pkinit_pac.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + '$PREFIX/ad_dc', + configuration]) + +plantestsuite("samba.blackbox.client_kerberos", "ad_dc", [os.path.join(bbdir, "test_client_kerberos.sh"), '$DOMAIN', '$REALM', '$USERNAME', '$PASSWORD', '$SERVER', '$PREFIX_ABS', '$SMB_CONF_PATH']) + +env="ad_member:local" +plantestsuite("samba.blackbox.rpcclient_schannel", + env, + [os.path.join(bbdir, "test_rpcclient_schannel.sh"), + '$DOMAIN', + '$REALM', + '$DC_USERNAME', + '$DC_PASSWORD', + '$DC_SERVER', + '$PREFIX_ABS', + '$SMB_CONF_PATH', + env]) +env="ad_member_fips:local" +plantestsuite("samba.blackbox.rpcclient_schannel", + env, + [os.path.join(bbdir, "test_rpcclient_schannel.sh"), + '$DOMAIN', + '$REALM', + '$DC_USERNAME', + '$DC_PASSWORD', + '$DC_SERVER', + '$PREFIX_ABS', + '$SMB_CONF_PATH', + env], + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + +plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE']) +plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE']) +plantestsuite("samba4.blackbox.trust_ntlm", "fl2000dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE']) +plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE']) +plantestsuite("samba4.blackbox.trust_ntlm", "nt4_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$DOMAIN', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE']) + +plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"]) +plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"]) +plantestsuite("samba4.blackbox.trust_utils(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"]) +plantestsuite("samba4.blackbox.trust_token", "fl2008r2dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'forest']) +plantestsuite("samba4.blackbox.trust_token", "fl2003dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external']) +plantestsuite("samba4.blackbox.trust_token", "fl2000dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external']) +plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs']) +plantestsuite("samba4.blackbox.password_settings", + "ad_dc:local", + [ + os.path.join(bbdir, "test_password_settings.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + "$PREFIX", + configuration + ]) +plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN']) +plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"]) +plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4]) +plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX']) +plantestsuite("samba4.blackbox.masktest", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX']) +plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"]) +plantestsuite("samba4.blackbox.rfc2307_mapping", + "ad_dc:local", + [ + os.path.join(samba4srcdir, + "../nsswitch/tests/test_rfc2307_mapping.sh"), + '$DOMAIN', + '$USERNAME', + '$PASSWORD', + "$SERVER", + "$UID_RFC2307TEST", + "$GID_RFC2307TEST", + configuration + ]) +plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', r"CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3]) +plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass']) +plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS']) +plantestsuite("samba4.blackbox.net_offlinejoin", "ad_dc:client", [os.path.join(bbdir, "test_net_offline.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS']) +plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'all', '17_18_23']) +plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23']) +plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18']) +plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD']) +plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID', configuration]) + +env = "ad_member:local" +plantestsuite("samba4.blackbox.net_ads_search_server_P.primary", env, + [os.path.join(bbdir, "test_net_ads_search_server.sh"), + '$DC_SERVER', '$REALM']) +plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_e_both", env, + [os.path.join(bbdir, "test_net_ads_search_server.sh"), + '$TRUST_E_BOTH_SERVER', '$TRUST_E_BOTH_REALM']) +plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_f_both", env, + [os.path.join(bbdir, "test_net_ads_search_server.sh"), + '$TRUST_F_BOTH_SERVER', '$TRUST_F_BOTH_REALM']) + +if have_gnutls_fips_mode_support: + plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"]) + plantestsuite("samba4.blackbox.test_weak_disable_ntlmssp_ldap", "ad_member:local", [os.path.join(bbdir, "test_weak_disable_ntlmssp_ldap.sh"),'$DC_USERNAME', '$DC_PASSWORD']) + + for env in ["ad_dc_fips", "ad_member_fips"]: + plantestsuite("samba4.blackbox.weak_crypto.server", + env, + [os.path.join(bbdir, "test_weak_crypto_server.sh"), + '$SERVER', + '$USERNAME', + '$PASSWORD', + '$REALM', + '$DOMAIN', + "$PREFIX/ad_dc_fips", + configuration], + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + + plantestsuite("samba4.blackbox.net_ads_fips", + "ad_dc_fips:client", + [os.path.join(bbdir, "test_net_ads_fips.sh"), + '$DC_SERVER', + '$DC_USERNAME', + '$DC_PASSWORD', + '$PREFIX_ABS'], + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + + t = "--krb5auth=$DOMAIN/$DC_USERNAME%$DC_PASSWORD" + plantestsuite("samba3.wbinfo_simple.fips.%s" % t, + "ad_member_fips:local", + [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t], + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + plantestsuite("samba4.wbinfo_name_lookup.fips", + "ad_member_fips", + [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_name_lookup.sh"), + '$DOMAIN', + '$REALM', + '$DC_USERNAME'], + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + + plansmbtorture4testsuite('rpc.fips.netlogon.crypto', + 'ad_dc_fips', + ['ncacn_np:$SERVER[krb5]', + '-U$USERNAME%$PASSWORD', + '--workgroup=$DOMAIN', + '--client-protection=encrypt'], + 'samba4.rpc.fips.netlogon.crypto', + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + +plansmbtorture4testsuite('rpc.echo', "ad_dc_ntvfs", ['ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD'], "samba4.rpc.echo against NetBIOS alias") + +# Test wbinfo trust auth +for env in ["ad_member_oneway:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]: + for t in ["--krb5auth=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD", + "--krb5auth=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD", + "--authenticate=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD", + "--authenticate=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD"]: + plantestsuite("samba3.wbinfo_simple.trust:%s" % t, env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t]) + +# json tests hook into ``chgdcpass'' to make them run in contributor CI on +# gitlab +planpythontestsuite("chgdcpass", "samba.tests.blackbox.netads_json") + +# Tests using the "Simple" NTVFS backend +for t in ["base.rw1"]: + plansmbtorture4testsuite(t, "ad_dc_ntvfs", ["//$SERVER/simple", '-U$USERNAME%$PASSWORD'], modname="samba4.ntvfs.simple.%s" % t) + +# Domain S4member Tests +plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.echo against s4member server with local creds") +plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], "samba4.rpc.echo against s4member server with domain creds") +plansmbtorture4testsuite('rpc.samr', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr against s4member server with local creds") +plansmbtorture4testsuite('rpc.samr.users', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr.users against s4member server with local creds",) +plansmbtorture4testsuite('rpc.samr.passwords.default', + "s4member", + ['ncacn_np:$NETBIOSNAME', + '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], + "samba4.rpc.samr.passwords.default against s4member server with local creds") +plantestsuite("samba4.blackbox.smbclient against s4member server with local creds", "s4member", [os.path.join(samba4srcdir, "client/tests/test_smbclient.sh"), '$NETBIOSNAME', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX', smbclient4]) + +# RPC Proxy +plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], modname="samba4.rpc.echo against rpc proxy with domain creds") + +# Tests SMB signing +for mech in [ + "-k no", + "-k no --option=clientusespnego=no", + "-k no --option=gensec:spengo=no", + "-k yes", + "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]: + for signing in ["--option=clientsigning=desired", "--option=clientsigning=required"]: + signoptions = "%s %s" % (mech, signing) + name = "smb.signing on with %s" % signoptions + plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], modname="samba4.%s" % name) + +for mech in [ + "-k no", + "-k no --option=clientusespnego=no", + "-k no --option=gensec:spengo=no", + "-k yes"]: + signoptions = "%s --client-protection=off" % mech + name = "smb.signing disabled on with %s" % signoptions + plansmbtorture4testsuite('base.xcopy', "ad_member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name) + plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], "samba4.%s" % name) + plansmbtorture4testsuite('base.xcopy', "ad_dc", + ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name) + +plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient3]) +for mech in [ + "-k no", + "-k no --option=clientusespnego=no", + "-k no --option=gensec:spengo=no"]: + signoptions = "%s --client-protection=off" % mech + plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions) + +plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=desired', '-U%'], modname="samba4.smb.signing --option=clientsigning=desired anon") +plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=required', '-U%'], modname="samba4.smb.signing --option=clientsigning=required anon") +plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=disabled', '-U%'], modname="samba4.smb.signing --option=clientsigning=disabled anon") + +# Test SPNEGO without issuing an optimistic token +opt='--option=spnego:client_no_optimistic=yes' +plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'no'], modname="samba4.smb.spnego.ntlmssp.no_optimistic") +plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'yes'], modname="samba4.smb.spnego.krb5.no_optimistic") + +wb_opts_default = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=1\"", "--option=\"torture:winbindd_separator=/\"", "--option=\"torture:winbindd_netbios_name=$SERVER\"", "--option=\"torture:winbindd_netbios_domain=$DOMAIN\""] + +winbind_ad_client_tests = smbtorture4_testsuites("winbind.struct") + smbtorture4_testsuites("winbind.pac") +winbind_wbclient_tests = smbtorture4_testsuites("winbind.wbclient") +for env in ["ad_dc", "ad_member", "nt4_member"]: + wb_opts = wb_opts_default[:] + if env in ["ad_member"]: + wb_opts += ["--option=\"torture:winbindd_domain_without_prefix=$DOMAIN\""] + for t in winbind_ad_client_tests: + plansmbtorture4testsuite(t, "%s:local" % env, wb_opts + ['//$SERVER/tmp', '--realm=$REALM', '--machine-pass', '--option=torture:addc=$DC_SERVER']) + +for env in ["nt4_dc", "fl2003dc"]: + for t in winbind_wbclient_tests: + plansmbtorture4testsuite(t, "%s:local" % env, '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD') + +for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "chgdcpass", "rodc"]: + tests = ["--ping", "--separator", + "--own-domain", + "--all-domains", + "--trusted-domains", + "--domain-info=BUILTIN", + "--domain-info=$DOMAIN", + "--online-status", + "--online-status --domain=BUILTIN", + "--online-status --domain=$DOMAIN", + "--check-secret --domain=$DOMAIN", + "--change-secret --domain=$DOMAIN", + "--check-secret --domain=$DOMAIN", + "--online-status --domain=$DOMAIN", + "--domain-users", + "--domain-groups", + "--name-to-sid=$DC_USERNAME", + "--name-to-sid=$DOMAIN/$DC_USERNAME", + "--user-info=$DOMAIN/$DC_USERNAME", + "--user-groups=$DOMAIN/$DC_USERNAME", + "--authenticate=$DOMAIN/$DC_USERNAME%$DC_PASSWORD", + "--allocate-uid", + "--allocate-gid"] + + for t in tests: + plantestsuite("samba.wbinfo_simple.%s" % (t.replace(" --", ".").replace("--", "")), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t]) + + plantestsuite( + "samba.wbinfo_sids2xids.(%s:local)" % env, "%s:local" % env, + [os.path.join(samba3srcdir, "script/tests/test_wbinfo_sids2xids.sh")]) + + planpythontestsuite(env + ":local", "samba.tests.ntlm_auth") + +plantestsuite( + "samba.wbinfo_u_large_ad.(ad_dc:local)", + "ad_dc:local", + [os.path.join(samba3srcdir, "script/tests/test_wbinfo_u_large_ad.sh")]) + +for env in ["ktest"]: + planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5") + +for env in ["s4member_dflt_domain", "s4member"]: + for cmd in ["id", "getent"]: + users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"] + if env == "s4member": + users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"] + for usr in users: + plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir, cmd, usr)) + +nsstest4 = binpath("nsstest") +for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]: + if os.path.exists(nsstest4): + plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "plugins/libnss_wrapper_winbind.so.2")]) + else: + skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available") + + +if have_gnutls_fips_mode_support: + planoldpythontestsuite("ad_dc", + "samba.tests.dcerpc.createtrustrelax", + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + planoldpythontestsuite("ad_dc_fips", + "samba.tests.dcerpc.createtrustrelax", + environ={'GNUTLS_FORCE_FIPS_MODE': '1', + 'OPENSSL_FORCE_FIPS_MODE': '1'}) + +# Run complex search expressions test once for each database backend. +# Right now ad_dc has mdb and ad_dc_ntvfs has tdb +mdb_testenv = "ad_dc" +tdb_testenv = "ad_dc_ntvfs" +for testenv in [mdb_testenv, tdb_testenv]: + planoldpythontestsuite(testenv, "samba.tests.complex_expressions", extra_args=['-U"$USERNAME%$PASSWORD"']) + +# samba.tests.gensec is only run in ad_dc to ensure it runs with and +# MIT and Heimdal build, it can run against any environment that +# supports FAST +planoldpythontestsuite("ad_dc:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"']) + +planoldpythontestsuite("none", "simple", extra_path=["%s/lib/tdb/python/tests" % srcdir()], name="tdb.python") +planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.sam") +planpythontestsuite("ad_dc_default:local", "samba.tests.dsdb") +planpythontestsuite("none", "samba.tests.samba_startup_fl_change") +planpythontestsuite("none", "samba.tests.dsdb_lock") +planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.bare") +planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.lsa") +planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.unix") +planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc") +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.timecmd") +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.join") +planpythontestsuite("ad_dc_default:local", "samba.tests.ldap_whoami") +planpythontestsuite("ad_member_s3_join", "samba.tests.samba_tool.join_member") +planpythontestsuite("ad_dc_default", + "samba.tests.samba_tool.join_lmdb_size") +planpythontestsuite("ad_dc_default", + "samba.tests.samba_tool.drs_clone_dc_data_lmdb_size") +planpythontestsuite("ad_dc_default", + "samba.tests.samba_tool.promote_dc_lmdb_size") + +planpythontestsuite("none", "samba.tests.samba_tool.visualize") + + +# test fsmo show +for env in all_fl_envs: + planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo") + +# test getpassword for group managed service accounts +planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_getpassword_gmsa") + +# test samba-tool user, group, contact and computer edit command +for env in all_fl_envs: + env += ":local" + plantestsuite("samba.tests.samba_tool.user_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/user_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD']) + plantestsuite("samba.tests.samba_tool.group_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/group_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD']) + plantestsuite("samba.tests.samba_tool.contact_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/contact_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD']) + plantestsuite("samba.tests.samba_tool.computer_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/computer_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD']) + +# We run this test against both AD DC implementations because it is +# the only test we have of GPO get/set behaviour, and this involves +# the file server as well as the LDAP server. +# It's also a good sanity-check that sysvol backup worked correctly. +for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc", + smbv1_disabled_testenv]: + planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo") +for env in ["ad_dc_ntvfs", "ad_dc"]: + planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo_exts") + +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes") + +planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user") +planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_policy") +planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_silo") +for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]: + planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest") +for env, nt_hash in [("ad_dc:local", True), + ("ad_dc_no_ntlm:local", False)]: + planpythontestsuite(env, "samba.tests.samba_tool.user", + environ={"EXPECT_NT_HASH": int(nt_hash)}) + # test get-kerberos-ticket for locally accessible and group managed service accounts + planpythontestsuite(env, "samba.tests.samba_tool.user_get_kerberos_ticket") + planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_userPassword") + planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_gpg") +planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script") + +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.group") +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.ou") +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.computer") +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.contact") +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.forest") +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.schema") +planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_claim") +planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_policy") +planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_silo") +planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_models") +planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema") +planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl") +planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check") +planpythontestsuite("none", "samba.tests.samba_tool.provision_lmdb_size") +planpythontestsuite("none", "samba.tests.samba_tool.provision_userPassword_crypt") +planpythontestsuite("none", "samba.tests.samba_tool.help") +# Make sure samba-tool can execute without import failures when run +# without the ad-dc built. The fileserver test environment runs against +# the samba-h5l-build autobuild. This build was chosen because it's +# configured with --without-ad-dc and does not disable ads, which is +# required to run some samba-tool commands. +planpythontestsuite("fileserver", "samba.tests.samba_tool.help") + +planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.passwordsettings") +planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.dsacl") + +planpythontestsuite("none", "samba.tests.samba_upgradedns_lmdb") + +# Run these against chgdcpass to share the runtime load +planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.sites") +planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.dnscmd") + +# Run this against chgdcpass to ensure at least one python3 test +# against this autobuild target (samba-ad-dc-2) +planpythontestsuite("chgdcpass:local", "samba.tests.dcerpc.rpcecho") + +planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAME%$PASSWORD"']) +test_bin = os.path.abspath(os.path.join(os.getenv('BINDIR', './bin'), '../python/samba/tests/bin')) +planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNAME%$PASSWORD"'], + environ={'PATH':':'.join([test_bin, os.getenv('PATH', '')])}) +planoldpythontestsuite("ad_member", "samba.tests.gpo_member", extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"']) + +planoldpythontestsuite("ad_dc", "samba.tests.sid_strings") + +# Run the import test in environments that may not have the ad-dc built +envs = ['fileserver_smb1', 'nt4_member', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel'] +if have_cluster_support: + envs.append('clusteredmember') +for env in envs: + planoldpythontestsuite(env, "samba.tests.imports") + +have_fast_support = 1 +claims_support = 1 + +# MIT +kadmin_is_tgs = int('SAMBA4_USES_HEIMDAL' not in config_hash) + +# Heimdal +compound_id_support = int('SAMBA4_USES_HEIMDAL' in config_hash) +expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash) +extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash) +check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash) +check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash) +expect_nt_status = int('SAMBA4_USES_HEIMDAL' in config_hash) +as_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash) +tgs_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash) + +ca_dir = os.path.join('selftest', 'manage-ca', 'CA-samba.example.com') + +# This certificate is currently used just to get the name of the certificate +# issuer. +ca_cert_path = os.path.join(ca_dir, + 'DCs', + 'addc.addom.samba.example.com', + 'DC-addc.addom.samba.example.com-cert.pem') + +# The private key is used to issue new certificates. +ca_private_key_path = os.path.join(ca_dir, + 'Private', + 'CA-samba.example.com-private-key.pem') +ca_pass = '1234' + +krb5_environ = { + 'SERVICE_USERNAME': '$SERVER', + 'ADMIN_USERNAME': '$DC_USERNAME', + 'ADMIN_PASSWORD': '$DC_PASSWORD', + 'ADMIN_KVNO': '1', + 'FOR_USER': '$DC_USERNAME', + 'STRICT_CHECKING':'0', + 'FAST_SUPPORT': have_fast_support, + 'CLAIMS_SUPPORT': claims_support, + 'COMPOUND_ID_SUPPORT': compound_id_support, + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers, + 'CHECK_CNAME': check_cname, + 'CHECK_PADATA': check_padata, + 'KADMIN_IS_TGS': kadmin_is_tgs, + 'EXPECT_NT_STATUS': expect_nt_status, + 'AS_REQ_LOGGING_SUPPORT': as_req_logging_support, + 'TGS_REQ_LOGGING_SUPPORT': tgs_req_logging_support, + 'CA_CERT': ca_cert_path, + 'CA_PRIVATE_KEY': ca_private_key_path, + 'CA_PASS': ca_pass, +} +planoldpythontestsuite("none", "samba.tests.krb5.kcrypto") +planoldpythontestsuite("none", "samba.tests.krb5.claims_in_pac") +planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests", + environ=krb5_environ) +for env, fast_support in [("ad_dc_default:local", True), + ("fl2003dc:local", False)]: + planoldpythontestsuite(env, "samba.tests.krb5.s4u_tests", + environ={ + **krb5_environ, + 'FAST_SUPPORT': int(have_fast_support and fast_support), + }) +planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests", + environ=krb5_environ) + +planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns") + +planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests", + environ=krb5_environ) + +planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache", + environ=krb5_environ) +planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap", + environ=krb5_environ) +for env in ['ad_dc_default', 'ad_member']: + planoldpythontestsuite(env, "samba.tests.krb5.test_rpc", + environ=krb5_environ) +planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb", + environ=krb5_environ) +planoldpythontestsuite("ad_member_idmap_nss:local", + "samba.tests.krb5.test_min_domain_uid", + environ=krb5_environ) +planoldpythontestsuite("ad_member_idmap_nss:local", + "samba.tests.krb5.test_idmap_nss", + environ={ + **krb5_environ, + 'MAPPED_USERNAME': 'bob', + 'MAPPED_PASSWORD': 'Secret007', + 'UNMAPPED_USERNAME': 'jane', + 'UNMAPPED_PASSWORD': 'Secret007', + 'INVALID_USERNAME': 'joe', + 'INVALID_PASSWORD': 'Secret007', + }) + +for env in ["ad_dc", smbv1_disabled_testenv]: + planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) + planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup", + extra_args=['-U"$USERNAME%$PASSWORD"']) + +planoldpythontestsuite( + "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry", + extra_args=['-U"$USERNAME%$PASSWORD"']) + +planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"']) + +for env in ["chgdcpass", "ad_member"]: + planoldpythontestsuite(env, "samba.tests.dcerpc.raw_protocol", + environ={"MAX_NUM_AUTH": "8", + "USERNAME": "$DC_USERNAME", + "PASSWORD": "$DC_PASSWORD"}) + +if have_heimdal_support: + planoldpythontestsuite("ad_dc_smb1:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'], + environ={'CLIENT_IP': '10.53.57.11', + 'SOCKET_WRAPPER_DEFAULT_IFACE': 11}) + planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'], + environ={'CLIENT_IP': '10.53.57.11', + 'SOCKET_WRAPPER_DEFAULT_IFACE': 11}) + planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change", + extra_args=['-U"$USERNAME%$PASSWORD"']) + planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change", + extra_args=['-U"$USERNAME%$PASSWORD"']) + + # these tests use a NCA local RPC connection, so always run on the + # :local testenv, and so don't need to fake a client connection + for env in ["ad_dc_ntvfs:local", "ad_dc:local"]: + planoldpythontestsuite(env, "samba.tests.auth_log_ncalrpc", extra_args=['-U"$USERNAME%$PASSWORD"']) + planoldpythontestsuite(env, "samba.tests.auth_log_samlogon", + extra_args=['-U"$USERNAME%$PASSWORD"']) + planoldpythontestsuite(env, "samba.tests.auth_log_netlogon", + extra_args=['-U"$USERNAME%$PASSWORD"']) + planoldpythontestsuite(env, "samba.tests.auth_log_netlogon_bad_creds", + extra_args=['-U"$USERNAME%$PASSWORD"']) + + planoldpythontestsuite("ad_member:local", + "samba.tests.auth_log_winbind", + extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"']) + planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change", + extra_args=['-U"$USERNAME%$PASSWORD"']) + planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb", + extra_args=['-U"$USERNAME%$PASSWORD"']) + planoldpythontestsuite("ad_dc", "samba.tests.group_audit", + extra_args=['-U"$USERNAME%$PASSWORD"']) + +planoldpythontestsuite("fl2008r2dc", + "samba.tests.getdcname", + extra_args=['-U"$USERNAME%$PASSWORD"']) + +planoldpythontestsuite("ad_dc_smb1", + "samba.tests.net_join_no_spnego", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc", + "samba.tests.net_join", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc", + "samba.tests.s3_net_join", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc", + "samba.tests.segfault", + extra_args=['-U"$USERNAME%$PASSWORD"']) +# Need to test the password hashing in multiple environments to ensure that +# all the possible options are covered +# +# ad_dc:local functional_level >= 2008, gpg keys available +planoldpythontestsuite("ad_dc:local", + "samba.tests.password_hash_gpgme", + extra_args=['-U"$USERNAME%$PASSWORD"']) +# ad_dc_ntvfs:local functional level >= 2008, gpg keys not available +planoldpythontestsuite("ad_dc_ntvfs:local", + "samba.tests.password_hash_fl2008", + extra_args=['-U"$USERNAME%$PASSWORD"']) +# fl2003dc:local functional level < 2008, gpg keys not available +planoldpythontestsuite("fl2003dc:local", + "samba.tests.password_hash_fl2003", + extra_args=['-U"$USERNAME%$PASSWORD"']) +# ad_dc: wDigest values over ldap +planoldpythontestsuite("ad_dc", + "samba.tests.password_hash_ldap", + extra_args=['-U"$USERNAME%$PASSWORD"']) + +for env in ["ad_dc_backup", smbv1_disabled_testenv]: + planoldpythontestsuite(env + ":local", "samba.tests.domain_backup", + extra_args=['-U"$USERNAME%$PASSWORD"']) + +planoldpythontestsuite("ad_dc", + "samba.tests.domain_backup_offline") +# Encrypted secrets +# ensure default provision (ad_dc) and join (vampire_dc) +# encrypt secret values on disk. +planoldpythontestsuite("ad_dc:local", + "samba.tests.encrypted_secrets", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("vampire_dc:local", + "samba.tests.encrypted_secrets", + extra_args=['-U"$USERNAME%$PASSWORD"']) +# The fl2000dc environment is provisioned with the --plaintext_secrets option +# so this test will fail, which proves the secrets are not being encrypted. +# There is an entry in known_fail.d. +planoldpythontestsuite("fl2000dc:local", + "samba.tests.encrypted_secrets", + extra_args=['-U"$USERNAME%$PASSWORD"']) + +planpythontestsuite("none", + "samba.tests.lsa_string") + +planoldpythontestsuite("ad_dc_ntvfs", + "samba.tests.krb5_credentials", + extra_args=['-U"$USERNAME%$PASSWORD"']) + +for env in ["ad_dc_ntvfs", "vampire_dc", "promoted_dc"]: + planoldpythontestsuite(env, + "samba.tests.py_credentials", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc_ntvfs", + "samba.tests.emulate.traffic", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc_ntvfs", + "samba.tests.emulate.traffic_packet", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc_ntvfs", + "samba.tests.blackbox.traffic_replay", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc_ntvfs", + "samba.tests.blackbox.traffic_learner", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("ad_dc_ntvfs", + "samba.tests.blackbox.traffic_summary", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("none", "samba.tests.loadparm") +planoldpythontestsuite("fileserver", + "samba.tests.blackbox.mdsearch", + extra_args=['-U"$USERNAME%$PASSWORD"']) +planoldpythontestsuite("fileserver", + "samba.tests.blackbox.smbcacls_basic") +planoldpythontestsuite("fileserver", + "samba.tests.blackbox.smbcacls_basic", + "samba.tests.blackbox.smbcacls_basic(DFS)", + environ={'SHARE': 'msdfs-share', + 'TESTDIR': 'smbcacls_sharedir_dfs'}) +# Run smbcacls_propagate_inhertance tests on non msdfs root share +planoldpythontestsuite("fileserver", + "samba.tests.blackbox.smbcacls_propagate_inhertance") +planoldpythontestsuite("fileserver", + "samba.tests.blackbox.smbcacls_save_restore") +planoldpythontestsuite("ad_member", + "samba.tests.blackbox.smbcacls_save_restore", + environ={'USER': '$DC_USERNAME', + 'PASSWORD' : '$DC_PASSWORD'} + ) + +# +# A) Run the smbcacls_propagate_inhertance tests on a msdfs root share +# *without* any nested dfs links +# B) Run the smbcacls_propagate_inhertance tests on a msdfs root share +# *with* a nested dfs link +# +planoldpythontestsuite("fileserver", + "samba.tests.blackbox.smbcacls_dfs_propagate_inherit", + "samba.tests.blackbox.smbcacls_dfs_propagate_inherit(DFS-msdfs-root)", + environ={'SHARE': 'smbcacls_share'}) +# +# Want a selection of environments across the process models +# +for env in ["ad_dc_ntvfs:local", "ad_dc:local", + "fl2003dc:local", "fl2008r2dc:local", + "promoted_dc:local"]: + planoldpythontestsuite(env, "samba.tests.blackbox.smbcontrol") + +planoldpythontestsuite("none", "samba.tests.blackbox.downgradedatabase") + +planpythontestsuite("ad_member:local", "samba.tests.blackbox.netads_dns") + +plantestsuite_loadlist("samba4.ldap.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldap_modify_order.python(ad_dc_default)", + "ad_dc_default", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/" + "ldap_modify_order.py"), + # add "-v" here to diagnose + '$SERVER', + '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', + '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldap_modify_order.normal_user.python(ad_dc_default)", + "ad_dc_default", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/" + "ldap_modify_order.py"), + '--normal-user', + # add "-v" here to diagnose + '$SERVER', + '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', + '$LISTOPT']) + +planoldpythontestsuite("ad_dc", + "samba.tests.ldap_raw", + extra_args=['-U"$USERNAME%$PASSWORD"'], + environ={'TEST_ENV': 'ad_dc'}) + +plantestsuite_loadlist("samba.tests.ldap_spn", "ad_dc", + [python, + f"{srcdir()}/python/samba/tests/ldap_spn.py", + '$SERVER', + '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba.tests.ldap_upn_sam_account", "ad_dc_ntvfs", + [python, + f"{srcdir()}/python/samba/tests/ldap_upn_sam_account.py", + '$SERVER', + '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', '$LISTOPT']) + + +plantestsuite_loadlist("samba4.tokengroups.krb5.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'yes', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba4.tokengroups.ntlm.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'no', '$LOADLIST', '$LISTOPT']) +plantestsuite("samba4.sam.python(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) +plantestsuite("samba4.sam.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) +plantestsuite("samba4.asq.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "asq.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) +plantestsuite("samba4.user_account_control.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) +plantestsuite("samba4.priv_attrs.python(ad_dc_default)", "ad_dc_default", ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) +plantestsuite("samba4.priv_attrs.strict.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) +plantestsuite("samba4.unicodepwd_encrypted(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "unicodepwd_encrypted.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) + +for env in ['ad_dc_default:local', 'schema_dc:local']: + planoldpythontestsuite(env, "dsdb_schema_info", + extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], + name="samba4.schemaInfo.python(%s)" % (env), + extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"']) + + planpythontestsuite(env, "samba.tests.dsdb_schema_attributes") + +plantestsuite_loadlist("samba4.urgent_replication.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "urgent_replication.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba4.ldap.dirsync.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "dirsync.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules_remote.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite("samba4.ldap.index.python", "none", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/index.py")]) +plantestsuite_loadlist("samba4.ldap.notification.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "notification.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba4.ldap.sites.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sites.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +env = 'vampire_dc' +# Test with LMDB (GSSAPI/SASL bind) +plantestsuite_loadlist("samba4.ldap.large_ldap.gssapi.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=yes', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +env = 'ad_dc_default' +# Test with TDB (NTLMSSP bind) +plantestsuite_loadlist("samba4.ldap.large_ldap.ntlmssp.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=no', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +env = 'ad_dc_ntvfs' +# Test with ldaps:// +plantestsuite_loadlist("samba4.ldap.large_ldap.ldaps.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldaps://$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +env = 'fl2008r2dc' +# Test with straight ldap +plantestsuite_loadlist("samba4.ldap.large_ldap.straight_ldap.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldap://$SERVER', '--simple-bind-dn=$USERNAME@$REALM', '--password=$PASSWORD', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +planoldpythontestsuite("ad_dc_default", "sort", environ={'SERVER' : '$SERVER', 'DATA_DIR' : os.path.join(samba4srcdir, 'dsdb/tests/python/testdata/')}, name="samba4.ldap.sort.python", extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) + +plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc)", "ad_dc:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldap.subtree_rename.python(ad_dc_ntvfs)", + "ad_dc_ntvfs:local", + [python, os.path.join(samba4srcdir, + "dsdb/tests/python/subtree_rename.py"), + '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', + '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', + '$LOADLIST', + '$LISTOPT']) + +planoldpythontestsuite( + "ad_dc_ntvfs", + "samba.tests.ldap_referrals", + environ={ + 'SERVER': '$SERVER', + }, + name="samba.ldap.referrals", + extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) + +# These should be the first tests run against testenvs created by backup/restore +for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']: + # check that a restored DC matches the original DC (backupfromdc) + plantestsuite("samba4.blackbox.ldapcmp_restore", env, + ["PYTHON=%s" % python, + os.path.join(bbdir, "ldapcmp_restoredc.sh"), + '$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env]) + +# we also test joining backupfromdc here, as it's a bit special in that it +# doesn't have Default-First-Site-Name +for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc', + 'labdc']: + # basic test that we can join the testenv DC + plantestsuite("samba4.blackbox.join_ldapcmp", env, + ["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")]) + +env = 'backupfromdc' +planoldpythontestsuite("%s:local" % env, "samba_tool_drs_no_dns", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.samba_tool_drs_no_dns.python(%s)" % env, + environ={'DC1': '$DC_SERVER', 'DC2': '$DC_SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +plantestsuite_loadlist("samba4.ldap.rodc.python(rodc)", "rodc", + [python, + os.path.join(DSDB_PYTEST_DIR, "rodc.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +plantestsuite_loadlist("samba4.ldap.rodc_rwdc.python(rodc)", "rodc:local", + [python, + os.path.join(samba4srcdir, + "dsdb/tests/python/rodc_rwdc.py"), + '$SERVER', '$DC_SERVER', '-U"$USERNAME%$PASSWORD"', + '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +planoldpythontestsuite("rodc:local", "replica_sync_rodc", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.replica_sync_rodc.python(rodc)", + environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +planoldpythontestsuite("ad_dc_default_smb1", "password_settings", + extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], + name="samba4.ldap.passwordsettings.python", + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +for env in all_fl_envs + ["schema_dc"]: + plantestsuite_loadlist("samba4.ldap_schema.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "ldap_schema.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + plantestsuite("samba4.ldap.possibleInferiors.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/samdb/ldb_modules/tests/possibleinferiors.py"), "ldap://$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN"]) + plantestsuite_loadlist("samba4.ldap.secdesc.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "sec_descriptor.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + plantestsuite_loadlist("samba4.ldap.acl.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + plantestsuite_loadlist("samba4.ldap.acl_modify.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl_modify.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + +for env in all_fl_envs + ["schema_dc", "ad_dc_no_ntlm"]: + if env != "fl2000dc": + # This test makes excessive use of the "userPassword" attribute which + # isn't available on DCs with Windows 2000 domain function level - + # therefore skip it in that configuration + plantestsuite_loadlist("samba4.ldap.passwords.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "passwords.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", '$LOADLIST', '$LISTOPT']) + +for env in ["ad_dc_slowtests"]: + # This test takes a lot of time, so we run it against a minimum of + # environments, please only add new ones if there's really a + # difference we need to test + plantestsuite_loadlist("samba4.ldap.vlv.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "vlv.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + plantestsuite_loadlist("samba4.ldap.confidential_attr.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "confidential_attr.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) + plantestsuite_loadlist("samba4.ldap.password_lockout.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "password_lockout.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM", '$LOADLIST', '$LISTOPT']) + planoldpythontestsuite(env, "tombstone_reanimation", + name="samba4.tombstone_reanimation.python", + environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME', 'TEST_PASSWORD': '$PASSWORD'}, + extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')] + ) + planoldpythontestsuite(env, "samba.tests.join", + name="samba.tests.join.python(%s)" % env, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +# this is a basic sanity-check of Kerberos/NTLM user login +for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc", "ad_dc_no_ntlm"]: + plantestsuite_loadlist("samba4.ldap.login_basics.python(%s)" % env, env, + [python, os.path.join(DSDB_PYTEST_DIR, "login_basics.py"), + "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM", + '$LOADLIST', '$LISTOPT']) + +planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.upgradeprovisionneeddc") +planpythontestsuite("ad_dc:local", "samba.tests.posixacl") +planpythontestsuite("ad_dc_no_nss:local", "samba.tests.posixacl") +plantestsuite_loadlist("samba4.deletetest.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "deletetest.py"), + '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")]) +plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision']) +plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision']) +plantestsuite("samba4.blackbox.provision_fileperms", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/provision_fileperms.sh"), '$PREFIX/provision']) +plantestsuite("samba4.blackbox.supported_features", "none", + ["PYTHON=%s" % python, + os.path.join(samba4srcdir, + "setup/tests/blackbox_supported_features.sh"), + '$PREFIX/provision']) +plantestsuite("samba4.blackbox.start_backup", "none", + ["PYTHON=%s" % python, + os.path.join(samba4srcdir, + "setup/tests/blackbox_start_backup.sh"), + '$PREFIX/provision']) +plantestsuite("samba4.blackbox.upgradeprovision.current", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_upgradeprovision.sh"), '$PREFIX/provision']) +plantestsuite("samba4.blackbox.setpassword.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_setpassword.sh"), '$PREFIX/provision']) +plantestsuite("samba4.blackbox.newuser.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_newuser.sh"), '$PREFIX/provision']) +plantestsuite("samba4.blackbox.group.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_group.sh"), '$PREFIX/provision']) +plantestsuite("samba4.blackbox.spn.py(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_spn.sh"), '$PREFIX/ad_dc_ntvfs']) +plantestsuite_loadlist("samba4.ldap.bind(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(srcdir(), "auth/credentials/tests/bind.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '$LOADLIST', '$LISTOPT']) + +# This makes sure we test the rid allocation code +t = "rpc.samr.large-dc" +plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname=("samba4.%s.one" % t)) +plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s.two" % t) + +# RPC smoke-tests for testenvs of interest (RODC, etc) +for env in ['rodc', 'offlinebackupdc', 'restoredc', 'renamedc', 'labdc']: + plansmbtorture4testsuite('rpc.echo', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo") + plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo") + plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", r'-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed") + plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied") + plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', binpath('smbclient')]) + +planpythontestsuite("rodc:local", "samba.tests.samba_tool.rodc") + +plantestsuite("samba.blackbox.rpcclient_samlogon", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"), + "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration]) + +plantestsuite("samba.blackbox.rpcclient_samlogon_testallowed", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"), + r"testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration]) + +plantestsuite("samba.blackbox.rpcclient_samlogon_testdenied", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"), + "testdenied", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration]) + + +# Test renaming the DC +plantestsuite("samba4.blackbox.renamedc.sh", "none", ["PYTHON=%s" % python, os.path.join(bbdir, "renamedc.sh"), '$PREFIX/provision']) + +# DRS python tests +# Note that $DC_SERVER is the PDC (e.g. ad_dc_ntvfs) and $SERVER is +# the 2nd DC (e.g. vampire_dc). + +env = 'vampire_dc' +planoldpythontestsuite(env, "ridalloc_exop", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.ridalloc_exop.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +# This test can pollute the environment a little by creating and +# deleting DCs which can get into the replication state for a while. +# +# The setting of DC1 to $DC_SERVER means that it will join towards and +# operate on schema_dc. This matters most when running +# test_samba_tool_replicate_local as this sets up a full temp DC and +# does new replication to it, which can show up in the replication +# topology. +# +# That is why this test is run on the isolated environment and not on +# those connected with ad_dc (vampiredc/promoteddc) +# +# The chgdcpass environment is likewise isolated and emulates Samba 4.5 +# with regard to GET_ANC + +env = 'schema_pair_dc' +planoldpythontestsuite("%s:local" % env, "samba_tool_drs", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.samba_tool_drs.python(%s)" % env, + environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) +for env in ['chgdcpass', 'schema_pair_dc']: + planoldpythontestsuite("%s:local" % env, "samba_tool_drs_critical", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.samba_tool_drs_critical.python(%s)" % env, + environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +env = "schema_pair_dc" +planoldpythontestsuite(env, "getnc_schema", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.getnc_schema.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER', + "PLEASE_BREAK_MY_WINDOWS": "1"}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +# This test can be sensitive to the DC joins and replications done in +# "samba_tool_drs" so it is run against schema_pair_dc/schema_dc +# not the set of environments connected with ad_dc. + +# This will show the replication state of ad_dc +env = "schema_pair_dc" +planoldpythontestsuite("%s:local" % env, "samba_tool_drs_showrepl", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.samba_tool_drs_showrepl.python(%s)" % env, + environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +for env in ['vampire_dc', 'promoted_dc']: + planoldpythontestsuite("%s:local" % env, "replica_sync", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.replica_sync.python(%s)" % env, + environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "delete_object", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.delete_object.python(%s)" % env, + environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "fsmo", + name="samba4.drs.fsmo.python(%s)" % env, + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "repl_secdesc", + name="samba4.drs.repl_secdesc.python(%s)" % env, + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "repl_move", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.repl_move.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "getnc_unpriv", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.getnc_unpriv.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "linked_attributes_drs", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.linked_attributes_drs.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "link_conflicts", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.link_conflicts.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +# Environment chgdcpass has the Samba 4.5 GET_ANC behaviour, which we +# set a knownfail to expect +for env in ['vampire_dc', 'promoted_dc', 'chgdcpass']: + planoldpythontestsuite(env, "getnc_exop", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.getnc_exop.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +for env in ['vampire_dc', 'promoted_dc', 'vampire_2000_dc']: + planoldpythontestsuite(env, "repl_schema", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.repl_schema.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +# A side-effect of the getncchanges tests is that they will create hundreds of +# tombstone objects, so run them last to avoid interfering with (and slowing +# down) the other DRS tests +for env in ['vampire_dc', 'promoted_dc']: + planoldpythontestsuite(env, "getncchanges", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.getncchanges.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +for env in ['ad_dc_ntvfs']: + planoldpythontestsuite(env, "repl_rodc", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.repl_rodc.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "cracknames", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.cracknames.python(%s)" % env, + environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + +planoldpythontestsuite("chgdcpass:local", "samba.tests.blackbox.samba_dnsupdate", + environ={'DNS_SERVER_IP': '$SERVER_IP'}) + +for env in ["s4member", "rodc", "promoted_dc", "ad_dc", "ad_member"]: + plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env]) + +# Offline logon (ad_member) +plantestsuite("samba.blackbox.offline_logon", + "ad_member_offlogon", + [os.path.join(bbdir, "test_offline_logon.sh"), + '$DOMAIN', + 'alice', 'Secret007', + 'bob', 'Secret007', + 'jane', 'Secret007', + 'joe', 'Secret007']) + +# +# KDC Tests +# + +# This test is for users cached at the RODC +plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD', + '--workgroup=$DOMAIN', '--realm=$REALM', + '--option=torture:krb5-upn=testdenied_upn@$REALM.upn', + '--option=torture:expect_rodc=true'], + "samba4.krb5.kdc with account DENIED permission to replicate to an RODC") +plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", r'-Utestallowed\ account%$PASSWORD', + '--workgroup=$DOMAIN', '--realm=$REALM', + '--option=torture:expect_machine_account=true', + r'--option=torture:krb5-upn=testallowed\ upn@$REALM', + '--option=torture:krb5-hostname=testallowed', + '--option=torture:expect_rodc=true', + '--option=torture:expect_cached_at_rodc=true'], + "samba4.krb5.kdc with account ALLOWED permission to replicate to an RODC") + +# This ensures we have correct behaviour on a server that is not not the PDC emulator +env = "promoted_dc" +plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'], + "samba4.krb5.kdc with specified account") +plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestupnspn%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM', + '--option=torture:expect_machine_account=true', + '--option=torture:krb5-upn=http/testupnspn.$DNSNAME@$REALM', + '--option=torture:krb5-hostname=testupnspn.$DNSNAME', + '--option=torture:krb5-service=http'], + "samba4.krb5.kdc with account having identical UPN and SPN") +for env in ["fl2008r2dc", "fl2003dc"]: + fast_support = have_fast_support + if env in ["fl2003dc"]: + fast_support = 0 + planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests", + environ={ + **krb5_environ, + 'FAST_SUPPORT': fast_support, + }) + +planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests', + environ=krb5_environ) + +for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: + if env == "rodc": + # The machine account is cached at the RODC, as it is the local account + extra_options = ['--option=torture:expect_rodc=true', '--option=torture:expect_cached_at_rodc=true'] + else: + extra_options = [] + + plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-P', + '--workgroup=$DOMAIN', '--realm=$REALM', + '--option=torture:krb5-hostname=$SERVER', + '--option=torture:run_removedollar_test=true', + '--option=torture:expect_machine_account=true'] + extra_options, + "samba4.krb5.kdc with machine account") + +planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", + environ=krb5_environ) +for env, fast_support in [("ad_dc", True), + ("fl2003dc", False)]: + planpythontestsuite(env, "samba.tests.krb5.compatability_tests", + environ={ + **krb5_environ, + 'FAST_SUPPORT': int(have_fast_support and fast_support), + }) +planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests", + environ=krb5_environ) +planpythontestsuite( + "ad_dc", + "samba.tests.krb5.kdc_tgs_tests", + environ=krb5_environ) +planpythontestsuite( + "ad_dc", + "samba.tests.krb5.fast_tests", + environ=krb5_environ) +planpythontestsuite( + "ad_dc", + "samba.tests.krb5.ms_kile_client_principal_lookup_tests", + environ=krb5_environ) +planpythontestsuite( + "ad_dc", + "samba.tests.krb5.spn_tests", + environ=krb5_environ) +planpythontestsuite( + "ad_dc", + "samba.tests.krb5.alias_tests", + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.pac_align_tests', + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.protected_users_tests', + environ=krb5_environ) +for env, nt_hash in [("ad_dc:local", True), + ("ad_dc_no_ntlm:local", False)]: + planoldpythontestsuite( + env, + 'samba.tests.krb5.nt_hash_tests', + environ={ + **krb5_environ, + 'EXPECT_NT_HASH': int(nt_hash), + }) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.kpasswd_tests', + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.claims_tests', + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.device_tests', + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc:local', + 'samba.tests.krb5.lockout_tests', + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.group_tests', + environ=krb5_environ) +for env, forced_rc4 in [('ad_dc', False), + ('promoted_dc', True)]: + planoldpythontestsuite( + env, + 'samba.tests.krb5.etype_tests', + environ={ + **krb5_environ, + 'DC_SERVER': '$SERVER', + 'DC_SERVER_IP': '$SERVER_IP', + 'DC_SERVER_IPV6': '$SERVER_IPV6', + 'FORCED_RC4': int(forced_rc4), + }) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.authn_policy_tests', + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.pkinit_tests', + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.conditional_ace_tests', + environ=krb5_environ) +planoldpythontestsuite( + 'ad_dc', + 'samba.tests.krb5.gkdi_tests', + environ=krb5_environ) + +for env in [ + 'vampire_dc', + 'promoted_dc']: + planoldpythontestsuite(env, "samba.tests.kcc", + name="samba.tests.kcc", + environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME', + 'TEST_PASSWORD': '$PASSWORD', + 'TEST_ENV': env + }, + extra_path=[os.path.join(srcdir(), "samba/python"), ]) + planpythontestsuite(env, "samba.tests.samba_tool.visualize_drs") + +planpythontestsuite("ad_dc_default:local", "samba.tests.kcc.kcc_utils") + +for env in ["simpleserver", "fileserver", "nt4_dc", "ad_dc", + "ad_member", "offlinebackupdc", "restoredc", "renamedc", "labdc", 'schema_pair_dc']: + planoldpythontestsuite(env, "netlogonsvc", + extra_path=[os.path.join(srcdir(), 'python/samba/tests')], + name="samba.tests.netlogonsvc.python(%s)" % env) + +for env in ["ktest", "ad_member", "ad_dc_no_ntlm"]: + planoldpythontestsuite(env, "ntlmdisabled", + extra_path=[os.path.join(srcdir(), 'python/samba/tests')], + name="samba.tests.ntlmdisabled.python(%s)" % env) + +# Demote the vampire DC, it must be the last test each DC, before the dbcheck +for env in ['vampire_dc', 'promoted_dc', 'rodc']: + planoldpythontestsuite(env, "samba.tests.samba_tool.demote", + name="samba.tests.samba_tool.demote", + environ={ + 'CONFIGFILE': '$PREFIX/%s/etc/smb.conf' % env + }, + extra_args=['-U"$USERNAME%$PASSWORD"'], + extra_path=[os.path.join(srcdir(), "samba/python")] + ) +# TODO: Verifying the databases really should be a part of the +# environment teardown. +# check the databases are all OK. PLEASE LEAVE THIS AS THE LAST TEST +for env in ["ad_dc", "fl2000dc", "fl2003dc", "fl2008r2dc", + 'vampire_dc', 'promoted_dc', 'backupfromdc', 'restoredc', + 'renamedc', 'offlinebackupdc', 'labdc']: + plantestsuite("samba4.blackbox.dbcheck(%s)" % env, env + ":local", ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck.sh"), '$PREFIX/provision', configuration]) + +# +# Tests to verify bug 13653 https://bugzilla.samba.org/show_bug.cgi?id=13653 +# ad_dc has an lmdb backend, ad_dc_ntvfs has a tdb backend. +# +planoldpythontestsuite("ad_dc_ntvfs:local", + "samba.tests.blackbox.bug13653", + extra_args=['-U"$USERNAME%$PASSWORD"'], + environ={'TEST_ENV': 'ad_dc_ntvfs'}) +planoldpythontestsuite("ad_dc:local", + "samba.tests.blackbox.bug13653", + extra_args=['-U"$USERNAME%$PASSWORD"'], + environ={'TEST_ENV': 'ad_dc'}) +# cmocka tests not requiring a specific environment +# +plantestsuite("samba4.dsdb.samdb.ldb_modules.unique_object_sids", "none", + [os.path.join(bindir(), "test_unique_object_sids")]) +plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.tdb", "none", + [os.path.join(bindir(), "test_encrypted_secrets_tdb")]) +plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb", "none", + [os.path.join(bindir(), "test_encrypted_secrets_mdb")]) +plantestsuite("lib.audit_logging.audit_logging", "none", + [os.path.join(bindir(), "audit_logging_test")]) +plantestsuite("lib.audit_logging.audit_logging.errors", "none", + [os.path.join(bindir(), "audit_logging_error_test")]) +plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_util", "none", + [os.path.join(bindir(), "test_audit_util")]) +plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log", "none", + [os.path.join(bindir(), "test_audit_log")]) +plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log.errors", "none", + [os.path.join(bindir(), "test_audit_log_errors")]) +plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit", "none", + [os.path.join(bindir(), "test_group_audit")]) +plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit.errors", "none", + [os.path.join(bindir(), "test_group_audit_errors")]) +plantestsuite("samba4.dcerpc.dnsserver.dnsutils", "none", + [os.path.join(bindir(), "test_rpc_dns_server_dnsutils")]) +plantestsuite("libcli.drsuapi.repl_decrypt", "none", + [os.path.join(bindir(), "test_repl_decrypt")]) +plantestsuite("librpc.ndr.ndr_string", "none", + [os.path.join(bindir(), "test_ndr_string")]) +plantestsuite("librpc.ndr.ndr", "none", + [os.path.join(bindir(), "test_ndr")]) +plantestsuite("librpc.ndr.ndr_macros", "none", + [os.path.join(bindir(), "test_ndr_macros")]) +plantestsuite("librpc.ndr.ndr_dns_nbt", "none", + [os.path.join(bindir(), "test_ndr_dns_nbt")]) +plantestsuite("librpc.ndr.test_ndr_gmsa", "none", + [os.path.join(bindir(), "test_ndr_gmsa")]) +plantestsuite("libcli.ldap.ldap_message", "none", + [os.path.join(bindir(), "test_ldap_message")]) + +# process restart and limit tests, these break the environment so need to run +# in their own specific environment +planoldpythontestsuite("preforkrestartdc:local", + "samba.tests.prefork_restart", + extra_path=[ + os.path.join(srcdir(), 'python/samba/tests')], + extra_args=['-U"$USERNAME%$PASSWORD"'], + name="samba.tests.prefork_restart") +planoldpythontestsuite("preforkrestartdc:local", + "samba.tests.blackbox.smbcontrol_process", + extra_path=[ + os.path.join(srcdir(), 'python/samba/tests')], + extra_args=['-U"$USERNAME%$PASSWORD"'], + name="samba.tests.blackbox.smbcontrol_process") +planoldpythontestsuite("proclimitdc", + "samba.tests.process_limits", + extra_path=[ + os.path.join(srcdir(), 'python/samba/tests')], + extra_args=['-U"$USERNAME%$PASSWORD"'], + name="samba.tests.process_limits") + +planoldpythontestsuite("none", "samba.tests.usage") +planpythontestsuite("fileserver", "samba.tests.dcerpc.mdssvc") +planoldpythontestsuite("none", "samba.tests.compression") +planpythontestsuite("none", "samba.tests.security_descriptors") + +if have_cluster_support: + cluster_environ = { + "SERVER_HOSTNAME": "$NETBIOSNAME", + "INTERFACE_GROUP_NAME": "$NETBIOSNAME", + "CLUSTER_SHARE": "registry_share", + "USERNAME": "$DC_USERNAME", + "PASSWORD": "$DC_PASSWORD", + } + planpythontestsuite("clusteredmember:local", + "samba.tests.blackbox.rpcd_witness_samba_only", + environ=cluster_environ) diff --git a/source4/selftest/tests_win.sh b/source4/selftest/tests_win.sh new file mode 100755 index 0000000..fafaef1 --- /dev/null +++ b/source4/selftest/tests_win.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +if [ $(whoami) != "root" ]; then + echo "Windows tests will not run without root privileges." + exit 1 +fi + +if [ "$DO_SOCKET_WRAPPER" = SOCKET_WRAPPER ]; then + echo "Windows tests will not run with socket wrapper enabled." + exit 1 +fi + +if [ ! $WINTESTCONF ]; then + echo "Environment variable WINTESTCONF has not been defined." + echo "Windows tests will not run unconfigured." + exit 1 +fi + +if [ ! -r $WINTESTCONF ]; then + echo "$WINTESTCONF could not be read." + exit 1 +fi + +export WINTEST_DIR=$SRCDIR/selftest/win +export TMPDIR=$TMPDIR +export NETBIOSNAME=$NETBIOSNAME + +. $WINTESTCONF + +$SRCDIR/selftest/test_win.sh diff --git a/source4/selftest/tests_win2k3_dc.sh b/source4/selftest/tests_win2k3_dc.sh new file mode 100755 index 0000000..290a4ef --- /dev/null +++ b/source4/selftest/tests_win2k3_dc.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +if [ ! $WINTESTCONF ]; then + echo "Environment variable WINTESTCONF has not been defined." + echo "Windows tests will not run unconfigured." + exit 1 +fi + +if [ ! -r $WINTESTCONF ]; then + echo "$WINTESTCONF could not be read." + exit 1 +fi + +. selftest/test_functions.sh + +export SRCDIR=$SRCDIR + +tests="RPC-DRSUAPI RPC-SPOOLSS ncacn_np ncacn_ip_tcp" + +for name in $tests; do + testit $name rpc $SRCDIR/selftest/win/wintest_2k3_dc.sh $name +done diff --git a/source4/selftest/win/README b/source4/selftest/win/README new file mode 100644 index 0000000..f6e716c --- /dev/null +++ b/source4/selftest/win/README @@ -0,0 +1,72 @@ +This framework uses a VMware Server hosted Windows guest VM to test the +behaviour of Windows -> Samba and Samba -> Windows interactions. To setup a +Windows host for testing, vm_setup.tar.gz contain some scripts which create +an administrative user account, and enable and start the installed telnet +service on the Windows host. Optionally, the hostname and workgroup name can +also be set. vm_setup.tar.gz is currently located in the SOC/bnh branch of +Samba's SVN repository. + +PREREQUISITES + +To use these scripts, VMware Server needs to be running with a Windows guest +VM installed, IP addressed, and VMware tools needs to be installed and running +on the guest VM. The Windows OS I used to test with was Windows Server 2003, +but I think this should work with any version of Windows that has the +Microsoft telnet service installed. The VMware Server versions I used for +testing was 1.0.0 build-27828, and 1.0.0 build-28343. + +PLEASE NOTE: Due to problems with my original revert_snapshot() code, the initial +setup now requires that the VM configuration setting 'When Powering Off' is +manually set to 'Revert to snapshot' (snapshot.action="autoRevert" in the +guest's .vmx file). This should not be a permanent change, but the original +revert_snapshot() code I wrote no longer works and i'm not sure why. + +On the machine that these scripts are running on (this need not be the same +machine as the VMware host), the VMware perl scripting api needs to be +installed, as well as the vix-perl api. These come with the VMware Server +console package. + +After unzipping this file, the libraries are installed by extracting the +VMware-vix-e.x.p-<revision number>.tar.gz and +VMware-VmPerlAPI-e.x.p-<revision number>.tar.gz archives, and running the +vmware-install.pl scripts inside their respective directories. + +On Slackware 10.2, I encountered a problem in that when I tried to use the vix +api libraries, I would get the following error: + +SSLLoadSharedLibrary: Failed to load library /<client program directory>/libcrypto.so.0.9.7:/<client program directory>/libcrypto.so.0.9.7: cannot open a shared object file: No such file or directory. + +The fix found on the VMware knowledge base (search http://kb.vmware.com for +Doc ID: 1837104) states that it's a known problem with the scripting libraries, +and can be resolved by installing VMware Server on the host, which properly +sets up the SSL module loader. This is what I would suggest if you encounter +this, as it solved the problem for me (I don't have VMware Server actually +running on that host though). + +INSTALLATION + +To use these scripts, modify initial_setup.conf to match your environment. The +GUEST_HOSTNAME, GUEST_WORKGROUP, HOST_SERVER_NAME, HOST_SERVER_PORT, +HOST_USERNAME, and HOST_PASSWORD variables are optional, and are commented out +in this release. + +Running initial_setup.sh will: +* Get the IP address of the Windows guest VM. +* Take a snapshot of the pristine Windows guest. +* Copy the windows scripts from the windows-scripts directory on the unix host + to the directory on the Windows guest specified by the + GUEST_SCRIPT_PATH option. This path will be created on the guest if + it does not already exist. +* Execute win_setup.wsf on the Windows guest in order to create the + administrator account specified by GUEST_USERNAME and GUEST_PASSWORD, + enable and start the telnet service, and set the GUEST_HOSTNAME and + GUEST_WORKGROUP if configured. +* If these operations are successful so far, another snapshot is taken at this + point. This is the snapshot which is restored if the tests encounter + problems they are unable to recover from. + +These operations leave the Windows guest in a state such that it can be +remotely administered with telnet. Specifically, this will allow us to use +'make wintest' in Samba 4 to perform smbtorture tests against a Windows host, +and perform tests from a Windows client to a Samba server. + diff --git a/source4/selftest/win/VMHost.pm b/source4/selftest/win/VMHost.pm new file mode 100644 index 0000000..37d721e --- /dev/null +++ b/source4/selftest/win/VMHost.pm @@ -0,0 +1,359 @@ +#!/usr/bin/perl -w + +# A perl object to provide a simple, unified method of handling some +# VMware Server VM management functions using the perl and VIX API's. +# Copyright Brad Henry <brad@samba.org> 2006 +# Released under the GNU GPL version 3 or later. + +# VMware Perl API +use VMware::VmPerl; +use VMware::VmPerl::VM; +use VMware::VmPerl::ConnectParams; + +# VMware C bindings +use VMware::Vix::Simple; +use VMware::Vix::API::Constants; + +# Create a class to abstract from the Vix and VMPerl APIs. +{ package VMHost; + my $perl_vm = VMware::VmPerl::VM::new(); + my $perl_vm_credentials; + my $vix_vm; + my $vix_vm_host; + + my $err_code = 0; + my $err_str = ""; + + my $hostname; + my $port; + my $username; + my $password; + my $vm_cfg_path; + my $guest_admin_username; + my $guest_admin_password; + + sub error { + my $old_err_code = $err_code; + my $old_err_str = $err_str; + $err_code = 0; + $err_str = ""; + return ($old_err_code, $old_err_str); + } + + # Power on the guest if it isn't already running. + # Returns 0 when the guest is already running, and + # if not, it waits until it is started. + sub start_guest { + my $vm_power_state = $perl_vm->get_execution_state(); + if (!defined($vm_power_state)) { + ($err_code, $err_str) = $perl_vm->get_last_error(); + return ($err_code); + } + if ($vm_power_state == VMware::VmPerl::VM_EXECUTION_STATE_OFF + || $vm_power_state == + VMware::VmPerl::VM_EXECUTION_STATE_SUSPENDED) + { + if (!$perl_vm->start()) { + ($err_code, $err_str) = + $perl_vm->get_last_error(); + return ($err_code); + } + while ($perl_vm->get_tools_last_active() == 0) { + sleep(60); + } + } + return ($err_code); + } + + sub host_connect { + # When called as a method, the first parameter passed is the + # name of the method. Called locally, this function will lose + # the first parameter. + shift @_; + ($hostname, $port, $username, $password, $vm_cfg_path, + $guest_admin_username, $guest_admin_password) = @_; + + # Connect to host using vmperl api. + $perl_vm_credentials = + VMware::VmPerl::ConnectParams::new($hostname, $port, + $username, $password); + if (!$perl_vm->connect($perl_vm_credentials, $vm_cfg_path)) { + ($err_code, $err_str) = $perl_vm->get_last_error(); + undef $perl_vm; + return ($err_code); + } + + # Connect to host using vix api. + ($err_code, $vix_vm_host) = + VMware::Vix::Simple::HostConnect( + VMware::Vix::Simple::VIX_API_VERSION, + VMware::Vix::Simple::VIX_SERVICEPROVIDER_VMWARE_SERVER, + $hostname, $port, $username, $password, + 0, VMware::Vix::Simple::VIX_INVALID_HANDLE); + if ($err_code != VMware::Vix::Simple::VIX_OK) { + $err_str = + VMware::Vix::Simple::GetErrorText($err_code); + undef $perl_vm; + undef $vix_vm; + undef $vix_vm_host; + return ($err_code); + } + + # Power on our guest os if it isn't already running. + $err_code = start_guest(); + if ($err_code != 0) { + my $old_err_str = $err_str; + $err_str = "Starting guest power after connect " . + "failed: " . $old_err_str; + undef $perl_vm; + undef $vix_vm; + undef $vix_vm_host; + return ($err_code); + } + + # Open VM. + ($err_code, $vix_vm) = + VMware::Vix::Simple::VMOpen($vix_vm_host, $vm_cfg_path); + if ($err_code != VMware::Vix::Simple::VIX_OK) { + $err_str = + VMware::Vix::Simple::GetErrorText($err_code); + undef $perl_vm; + undef $vix_vm; + undef $vix_vm_host; + return ($err_code); + } + + # Login to $vix_vm guest OS. + $err_code = VMware::Vix::Simple::VMLoginInGuest($vix_vm, + $guest_admin_username, $guest_admin_password, + 0); + if ($err_code != VMware::Vix::Simple::VIX_OK) { + $err_str = + VMware::Vix::Simple::GetErrorText($err_code); + undef $perl_vm; + undef $vix_vm; + undef $vix_vm_host; + return ($err_code); + } + return ($err_code); + } + + sub host_disconnect { + undef $perl_vm; + + $perl_vm = VMware::VmPerl::VM::new(); + if (!$perl_vm) { + $err_code = 1; + $err_str = "Error creating new VmPerl object"; + } + + undef $vix_vm; + VMware::Vix::Simple::HostDisconnect($vix_vm_host); + VMware::Vix::Simple::ReleaseHandle($vix_vm_host); + return ($err_code); + } + + sub host_reconnect { + $err_code = host_disconnect(); + if ($err_code != 0) { + my $old_err_str = $err_str; + $err_str = "Disconnecting from host failed: " . + $old_err_str; + return ($err_code); + } + + $err_code = host_connect(NULL, $hostname, $port, $username, + $password, $vm_cfg_path, $guest_admin_username, + $guest_admin_password); + if ($err_code != 0) { + my $old_err_str = $err_str; + $err_str = "Re-connecting to host failed: " . + $old_err_str; + return ($err_code); + } + return ($err_code); + } + + sub create_snapshot { + my $snapshot; + + ($err_code, $snapshot) = + VMware::Vix::Simple::VMCreateSnapshot($vix_vm, + "Snapshot", "Created by vm_setup.pl", 0, + VMware::Vix::Simple::VIX_INVALID_HANDLE); + + VMware::Vix::Simple::ReleaseHandle($snapshot); + + if ($err_code != VMware::Vix::Simple::VIX_OK) { + $err_str = + VMware::Vix::Simple::GetErrorText($err_code); + return $err_code; + } + + $err_code = host_reconnect(); + if ($err_code != 0) { + my $old_err_str = $err_str; + $err_str = "Reconnecting to host after creating " . + "snapshot: " . $old_err_str; + return ($err_code); + } + return ($err_code); + } + + sub revert_snapshot { + # Because of problems with VMRevertToSnapshot(), we have to + # rely on the guest having set 'Revert to Snapshot' following + # a power-off event. + $err_code = VMware::Vix::Simple::VMPowerOff($vix_vm, 0); + if ($err_code != VMware::Vix::Simple::VIX_OK) { + $err_str = + VMware::Vix::Simple::GetErrorText($err_code); + return $err_code; + } + + # host_reconnect() will power-on a guest in a non-running state. + $err_code = host_reconnect(); + if ($err_code != 0) { + my $old_err_str = $err_str; + $err_str = "Reconnecting to host after reverting " . + "snapshot: " . $old_err_str; + return ($err_code); + } + return ($err_code); + } + + # $dest_path must exist. It doesn't get created. + sub copy_files_to_guest { + shift @_; + my (%files) = @_; + + my $src_file; + my $dest_file; + + foreach $src_file (keys(%files)) { + $dest_file = $files{$src_file}; + $err_code = + VMware::Vix::Simple::VMCopyFileFromHostToGuest( + $vix_vm, $src_file, $dest_file, 0, + VMware::Vix::Simple::VIX_INVALID_HANDLE); + if ($err_code != VMware::Vix::Simple::VIX_OK) { + $err_str = "Copying $src_file: " . + VMware::Vix::Simple::GetErrorText( + $err_code); + return $err_code; + } + } + return $err_code; + } + + sub copy_to_guest { + # Read parameters $src_path, $dest_path. + shift @_; + my ($src_path, $dest_dir) = @_; + + my $len = length($dest_dir); + my $idx = rindex($dest_dir, '\\'); + if ($idx != ($len - 1)) { + $err_code = -1; + $err_str = "Destination $dest_dir must be a " . + "directory path"; + return ($err_code); + } + + # Create the directory $dest_path on the guest VM filesystem. + my $cmd = "cmd.exe "; + my $cmd_args = "/C MKDIR " . $dest_dir; + $err_code = run_on_guest(NULL, $cmd, $cmd_args); + if ( $err_code != 0) { + my $old_err_str = $err_str; + $err_str = "Creating directory $dest_dir on host: " . + $old_err_str; + return ($err_code); + } + + # If $src_filepath specifies a file, create it in $dest_path + # and keep the same name. + # If $src_path is a directory, create the files it contains in + # $dest_path, keeping the same names. + $len = length($src_path); + my %files; + $idx = rindex($src_path, '/'); + if ($idx == ($len - 1)) { + # $src_path is a directory. + if (!opendir (DIR_HANDLE, $src_path)) { + $err_code = -1; + $err_str = "Error opening directory $src_path"; + return $err_code; + } + + foreach $file (readdir DIR_HANDLE) { + my $src_file = $src_path . $file; + + if (!opendir(DIR_HANDLE2, $src_file)) { + # We aren't interested in subdirs. + my $dest_path = $dest_dir . $file; + $files{$src_file} = $dest_path; + } else { + closedir(DIR_HANDLE2); + } + } + } else { + # Strip if preceding path from $src_path. + my $src_file = substr($src_path, ($idx + 1), $len); + my $dest_path = $dest_dir . $src_file; + + # Add $src_path => $dest_path to %files. + $files{$src_path} = $dest_path; + } + + $err_code = copy_files_to_guest(NULL, %files); + if ($err_code != 0) { + my $old_err_str = $err_str; + $err_str = "Copying files to host after " . + "populating %files: " . $old_err_str; + return ($err_code); + } + return ($err_code); + } + + sub run_on_guest { + # Read parameters $cmd, $cmd_args. + shift @_; + my ($cmd, $cmd_args) = @_; + + $err_code = VMware::Vix::Simple::VMRunProgramInGuest($vix_vm, + $cmd, $cmd_args, 0, + VMware::Vix::Simple::VIX_INVALID_HANDLE); + if ($err_code != VMware::Vix::Simple::VIX_OK) { + $err_str = VMware::Vix::Simple::GetErrorText( + $err_code); + return ($err_code); + } + + return ($err_code); + } + + sub get_guest_ip { + my $guest_ip = $perl_vm->get_guest_info('ip'); + + if (!defined($guest_ip)) { + ($err_code, $err_str) = $perl_vm->get_last_error(); + return NULL; + } + + if (!($guest_ip)) { + $err_code = 1; + $err_str = "Guest did not set the 'ip' variable"; + return NULL; + } + return $guest_ip; + } + + sub DESTROY { + host_disconnect(); + undef $perl_vm; + undef $vix_vm_host; + } +} + +return TRUE; diff --git a/source4/selftest/win/common.exp b/source4/selftest/win/common.exp new file mode 100644 index 0000000..93d24a6 --- /dev/null +++ b/source4/selftest/win/common.exp @@ -0,0 +1,521 @@ +# A library of commonly used functions written in expect. +# Copyright Brad Henry <brad@samba.org> 2006 +# Released under the GNU GPL version 3 or later. + +# This function maps a drive letter to a share point. +proc map_share { remote_prompt share_drive sharepoint username domain password } { + set default_err_str "Unknown error in function map_share" + set err_str $default_err_str + + set cmd "net use $share_drive $sharepoint $password /USER:$username@$domain\r\n" + send $cmd + + expect { + "The command completed successfully." { + expect_prompt $remote_prompt + set err_str "OK" + } \ + "The local device name is already in use." { + expect_prompt $remote_prompt + set err_str "The device name $share_drive is already in use" + } \ + "The network name cannot be found." { + expect_prompt $remote_prompt + set err_str "Sharepoint $sharepoint could not be found" + } \ + timeout { + set err_str "Function map_share timed out while mapping $share_drive to $sharepoint" + } + } + return $err_str +} + +# This function unmaps a drive letter from a share point. +proc unmap_share { remote_prompt share_drive } { + set default_err_str "Unknown error in function unmap_share" + set err_str $default_err_str + + set cmd "net use $share_drive /DELETE\r\n" + send $cmd + + expect { + "was deleted successfully." { + expect_prompt $remote_prompt + set err_str "OK" + } \ + "NET HELPMSG 2250" { + expect_prompt $remote_prompt + set err_str "The network connection could not be found while unmapping $share_drive" + } \ + timeout { + set err_str "Function unmap_share timed out while unmapping $share_drive" + } + } + return $err_str +} + +# This function uses xcopy to copy a text file from one location on the +# remote windows host to another. +proc xcopy_file { remote_prompt in_filename out_filename xcopy_options } { + set default_err_str "Unknown error in function xcopy_file" + set err_str $default_err_str + + set cmd "xcopy $in_filename $out_filename $xcopy_options\r\n" + send $cmd + + expect { + "(F = file, D = directory)? " { + set cmd "F\r\n" + send $cmd + expect { + "1 File(s) copied\r\n\r\n" { + expect_prompt $remote_prompt + set err_str "OK" + } \ + "0 File(s) copied\r\n\r\n" { + expect_prompt $remote_prompt + set err_str $default_err_str + } \ + timeout { + set err_str "Function xcopy_file has timed out while copying $in_filename" + } + } + } \ + "1 File(s) copied\r\n\r\n" { + expect_prompt $remote_prompt + set err_str "OK" + } \ + "0 File(s) copied\r\n\r\n" { + expect_prompt $remote_prompt + set err_str $default_err_str + } \ + timeout { + set err_str "Function xcopy_file timed out while copying $in_filename" + } + } + return $err_str +} + +# This function creates a temporary file on the remote windows host. +# The file contents are populated by a recursive directory listing of +# the windows %HOMEDRIVE%. +proc create_tmp_file { remote_prompt filename } { + set default_err_str "Unknown error in function create_tmp_file" + set err_str $default_err_str + + set cmd "dir %HOMEDRIVE%\\ /S > $filename\r\n" + send $cmd + expect { + $remote_prompt { + set err_str "OK" + } \ + timeout { + set err_str "Function create_tmp_file timed out while creating $filename" + } + } + return $err_str +} + +# This function compares two files on the remote windows host. +proc compare_files { remote_prompt file1 file2 } { + set default_err_str "Unknown error in function compare_files" + set err_str $default_err_str + + set cmd "fc $file1 $file2\r\n" + send $cmd + expect { + "FC: no differences encountered\r\n\r\n\r\n" { + expect_prompt $remote_prompt + set err_str "OK" + } \ + "\*\*\*\*\* $file1" { + expect_prompt $remote_prompt + set err_str "Files $file1 and $file2 differ" + } \ + "\*\*\*\*\* $file2" { + expect_prompt $remote_prompt + set err_str "Files $file1 and $file2 differ" + } \ + timeout { + set err_str "Function compare_files timed out while comparing files $file1 and $file2" + } + } + return $err_str +} + +# This function deletes a file on the remote windows host. +proc delete_file { remote_prompt filename } { + set default_err_str "Unknown error in function delete_file" + set err_str $default_err_str + + set cmd "del $filename\r\n" + send $cmd + expect { + "Could Not" { + expect_prompt $remote_prompt + set err_str $default_err_str + } \ + $remote_prompt { + set err_str "OK" + } \ + timeout { + set err_str "Function delete_file timed oout while deleting $filename" + } + } + return $err_str +} + +# This function copies a text file over telnet from the local unix host +# to the remote windows host. +proc copy_file { remote_prompt in_filename out_filename } { + set default_err_str "Unknown error in function copy_file" + set err_str $default_err_str + + # The octal ASCII code for Control-Z is 032. + set CTRLZ \032 + + # Open local file and read contents. + set in_file [open $in_filename r] + set in_data [read $in_file] + + # Initiate copy on remote host. + set cmd "copy con $out_filename\r\n" + send $cmd + + # Separate $in_data into lines and send to remote host. + set out_data [split $in_data "\n"] + foreach out_line $out_data { + send $out_line + # We might as well do a unix -> windows line conversion. + send "\r\n" + # Are we overwriting an existing file? + # If so, exit so we can handle it. + expect { + "(Yes/No/All)" { + send "NO\r\n" + expect_prompt $remote_prompt + set err_str "File exists" + } \ + $out_line { + set err_str "OK" + } \ + timeout { + set err_str "Function copy_file timed out while copying $in_filename" + } + } + if { $err_str != "OK" } { + return $err_str + } else { + set err_str $default_err_str + } + } + + # ^Z\r to complete the transfer. + send $CTRLZ + send "\r" + expect { + "file(s) copied." { + set err_str [expect_prompt $remote_prompt] + } \ + $remote_prompt { + set err_str $default_err_str + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Function copy_file timed out while finishing copy of $in_filename" + } + } + return $err_str +} + +# This function waits for the command prompt and reports an error on +# timeout. +proc expect_prompt { remote_prompt } { + set default_err_str "Unknown error occurred while waiting for the command prompt" + set err_str $default_err_str + + expect { + $remote_prompt { + set err_str "OK" + } \ + timeout { + set err_str "Timeout occurred while waiting for the command prompt" + } + } + return $err_str +} + +# This function will create a telnet login shell to $remote_host as $username. +# If expected dialogue is not received, return with a specific error if one +# is recognized. Otherwise return a generic error indicating the function +# name. +proc telnet_login { remote_prompt remote_host username password } { + + set default_err_str "Unknown error in function telnet_login" + set err_str $default_err_str + + set cmd "telnet $remote_host\r" + send $cmd + expect { + "login: " { + set err_str "OK" + } \ + "Connection refused" { + set err_str "Connection refused" + } \ + "No route to host" { + set err_str "No route to host" + } \ + timeout { + set err_str "Function telnet_login timed out while waiting for the login prompt" + } + } + if { $err_str != "OK" } { + # Return because something unexpected happened. + return $err_str + } else { + # Reset err_str + set err_str $default_err_str + } + + set cmd "$username\r" + send $cmd + expect { + "password: " { + set err_str "OK" + } \ + timeout { + set err_str "Function telnet_login timed out while waiting for the password prompt" + } + } + if { $err_str != "OK" } { + return $err_str + } else { + set err_str $default_err_str + } + + set cmd "$password\r" + send $cmd + expect { + $remote_prompt { + set err_str "OK" + } \ + "Login Failed" { + set err_str "Telnet login failed" + } \ + timeout { + set err_str "Function telnet_login timed out while waiting for the command prompt" + } + } + return $err_str +} + +proc create_directory { remote_prompt sharepath } { + + set default_err_str "Unknown error in function create_directory" + set err_str $default_err_str + + set cmd "mkdir $sharepath\r\n" + send $cmd + expect { + "already exists" { + expect_prompt $remote_prompt + set err_str "Directory already exists" + } \ + $remote_prompt { + set err_str "OK" + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Timeout reached starting create_directory." + } + } + return $err_str +} + +proc delete_directory { remote_prompt sharepath } { + + set default_err_str "Unknown error in function delete_directory" + set err_str $default_err_str + + set cmd "rmdir /S /Q $sharepath\r\n" + send $cmd + expect { + "Access is denied." { + expect_prompt $remote_prompt + set err_str "Directory access is denied" + } \ + $remote_prompt { + set err_str "OK" + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Timeout reached in delete_directory" + } + } + return $err_str +} + +proc create_share { remote_prompt username sharepath sharename } { + + set default_err_str "Unknown error in function create_share" + set err_str $default_err_str + + set cmd "net share $sharename=$sharepath /GRANT:$username,FULL\r\n" + send $cmd + expect { + "was shared successfully." { + set err_str [expect_prompt $remote_prompt] + } \ + "NET HELPMSG 2118." { + expect_prompt $remote_prompt + set err_str "The name has already been shared" + } \ + $remote_prompt { + set err_str $default_err_str + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Timeout reached in create_share" + } + } + return $err_str +} + +proc delete_share { remote_prompt sharename } { + + set default_err_str "Unknown error in function delete_share" + set err_str $default_err_str + + set cmd "net share $sharename /DELETE\r\n" + send $cmd + expect { + "was deleted successfully." { + set err_str [expect_prompt $remote_prompt] + } \ + "does not exist." { + expect_prompt $remote_prompt + set err_str "The share does not exist" + } \ + $remote_prompt { + set err_str $default_err_str + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Timeout reached in delete_share" + } + } + return $err_str +} + +proc delete_hosts_entry { remote_prompt hosts_file_path backup_hosts_filename } { + + set default_err_str "Unknown error in function delete_hosts_entry" + set err_str $default_err_str + + set cmd "cd $hosts_file_path\r\n" + send $cmd + expect { + "." { + expect_prompt $remote_prompt + set err_str $default_err_str + } \ + $remote_prompt { + set err_str "OK" + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Timeout reached in delete_hosts_entry" + } + } + if { $err_str != "OK" } { + return $err_str + } else { + set err_str $default_err_str + } + + set cmd "move /Y $backup_hosts_filename hosts\r\n" + send $cmd + expect { + "1 file(s) moved." { + set err_str [expect_prompt $remote_prompt] + } \ + "cannot find the file specified." { + expect_prompt $remote_prompt + set err_str "File not found" + } \ + $remote_prompt { + set err_str $default_err_str + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Function delete_hosts_entry timed out while renaming $backup_hosts_filename" + } + } + return $err_str +} + +proc create_hosts_entry { remote_prompt hosts_file_path hostname ip \ + backup_hosts_filename } { + + set default_err_str "Unknown error in function create_hosts_entry" + set err_str $default_err_str + + set cmd "cd $hosts_file_path\r\n" + send $cmd + expect { + "." { + expect_prompt $remote_prompt + set err_str $default_err_str + } \ + $remote_prompt { + set err_str "OK" + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Timeout reached in create_hosts_entry" + } + } + if { $err_str != "OK" } { + return $err_str + } else { + set err_str $default_err_str + } + + set cmd "copy /Y hosts $backup_hosts_filename\r\n" + send $cmd + expect { + "1 file(s) copied." { + set err_str [expect_prompt $remote_prompt] + } \ + "cannot find the file specified." { + expect_prompt $remote_prompt + set err_str "File not found." + } \ + $remote_prompt { + set err_str $default_err_str + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Function create_hosts_entry timed out while copying hosts file" + } + } + if { $err_str != "OK" } { + return $err_str + } else { + set err_str $default_err_str + } + + set cmd "echo $ip $hostname #smbtorture host. >> hosts\r\n" + send $cmd + expect { + $remote_prompt { + set err_str "OK" + } \ + timeout { + expect_prompt $remote_prompt + set err_str "Function create_hosts timed out while updating hosts file" + } + } + return $err_str +} diff --git a/source4/selftest/win/test_win.conf b/source4/selftest/win/test_win.conf new file mode 100644 index 0000000..ed52be9 --- /dev/null +++ b/source4/selftest/win/test_win.conf @@ -0,0 +1,83 @@ + +# perl needs to know to look in $WINTEST_DIR for VMHost.pm. +export PERLLIB=$WINTEST_DIR + +# Command prompt that we are expecting on the windows host. +export SMBTORTURE_REMOTE_PROMPT=">" + +## +## The variables in this section apply to the 'make wintest_dc' set of tests. +## + +# A username and password with admin rights to the DC we're testing against. +export WIN2K3_DC_USERNAME="tortureuser" +export WIN2K3_DC_PASSWORD="torturepass" + +# The domain and realm that the DC is configured for. +export WIN2K3_DC_DOMAIN="WINTESTDC" +export WIN2K3_DC_REALM="wintest.dc" + +# The path to the DC vmware image config file, local to the vmware server. +export WIN2K3_DC_VM_CFG_PATH="/var/lib/vmware/Virtual Machines/Windows Server 2003 DC BuildFarm/Windows 2003 DC BuildFarm.vmx" + +## +## The parameters in this section apply to the 'make wintest' set of tests. +## + +# The username and password we will be testing with. +# This user will need admin rights on the remote windows host. +export SMBTORTURE_USERNAME="tortureuser" +export SMBTORTURE_PASSWORD="torturepass" + +# The name of the workgroup we will be using on the remote windows host. +export SMBTORTURE_WORKGROUP="SMBTEST" + +# The name of and path to the windows share we'll be testing against. +export SMBTORTURE_REMOTE_SHARE_NAME="smbtorture_share" +export SMBTORTURE_REMOTE_SHARE_PATH="%HOMEDRIVE%\smbtorture_shared_dir" + +# Default timeout for the expect scripts to wait for a response from the remote. +export SMBTORTURE_EXPECT_TIMEOUT=30 + +# Path to the local smbtorture binary. +export SMBTORTURE_BIN_PATH="bin/smbtorture" + +# Local system hostname and ip address we'll be adding to the remote's +# hosts file. +export SMBTORTURE_LOCAL_HOSTNAME=$NETBIOSNAME +export SMBTORTURE_LOCAL_IP="192.168.100.12" + +# Filename of the windows hosts' unedited hosts file. +export REMOTE_BACKUP_HOSTS_FILENAME="hosts.smbtorture" +export REMOTE_HOSTS_FILE_PATH="%SYSTEMROOT%\\system32\\drivers\\etc" + +# These coincide with the parameters mktestsetup.sh uses to setup smbd. +export SMBTORTURE_LOCAL_USERNAME="administrator" +export SMBTORTURE_LOCAL_PASSWORD="penguin" +export SMBTORTURE_LOCAL_DOMAIN="SAMBADOMAIN" + +# This is the name of the samba share the windows vm will connect to. +export SMBTORTURE_LOCAL_SHARE_NAME="TMP" + +# This is the drive letter which will be used to mount a share on the windows vm. +export SMBTORTURE_REMOTE_DRIVE_LETTER="X:" + +# This is the name of the file which will be created on the windows vm +# and used for samba server tests. +export SMBTORTURE_TMP_FILENAME="smbtorture.tmp" + +# The path to the vmware image config file local to the vmware server. +export VM_CFG_PATH="/var/lib/vmware/Virtual Machines/Win2k3-BuildFarm/Win2k3-BuildFarm.vmx" + +# In order to copy files and execute programs on the guest vm, +# we need administrator-level credentials to log in with. +export GUEST_ADMIN_USERNAME="administrator" +export GUEST_ADMIN_PASSWORD="adminpass" + +# These parameters are optional. If not specified, the script tries to access +# a local vmware server as the executing user. +# logged-in user running the script are used. +export HOST_SERVER_NAME="vmhost" +export HOST_SERVER_PORT=902 +export HOST_USERNAME="vmuser" +export HOST_PASSWORD="vmpass" diff --git a/source4/selftest/win/vm_get_ip.pl b/source4/selftest/win/vm_get_ip.pl new file mode 100644 index 0000000..9657a34 --- /dev/null +++ b/source4/selftest/win/vm_get_ip.pl @@ -0,0 +1,48 @@ +#!/usr/bin/perl -w + +# A perl script to connect to a VMware server and get the IP address of a VM. +# Copyright Brad Henry <brad@samba.org> 2006 +# Released under the GNU GPL version 3 or later. + +use VMHost; + +sub check_error { + my $vm = VMHost; + my $custom_err_str = ""; + ($vm, $custom_err_str) = @_; + + my ($err_code, $err_str) = $vm->error; + if ($err_code != 0) { + undef $vm; + die $custom_err_str . "Returned $err_code: $err_str.\n"; + } +} + +# Read in parameters from environment. +my $vm_cfg_path = $ENV{"$ARGV[0]"}; +my $host_server_name = $ENV{'HOST_SERVER_NAME'}; +my $host_server_port = $ENV{'HOST_SERVER_PORT'}; +if (!defined($host_server_port)) { + $host_server_port = 902; +} + +my $host_username = $ENV{'HOST_USERNAME'}; +my $host_password = $ENV{'HOST_PASSWORD'}; +my $guest_admin_username = $ENV{'GUEST_ADMIN_USERNAME'}; +my $guest_admin_password = $ENV{'GUEST_ADMIN_PASSWORD'}; + +my $vm = VMHost; + +$vm->host_connect($host_server_name, $host_server_port, $host_username, + $host_password, $vm_cfg_path, $guest_admin_username, + $guest_admin_password); +check_error($vm, "Error in \$vm->host_connect().\n"); + +my $guest_ip = $vm->get_guest_ip(); +check_error($vm, "Error in \$vm->get_guest_ip().\n"); + +print $guest_ip; + +undef $vm; + +exit 0; diff --git a/source4/selftest/win/vm_load_snapshot.pl b/source4/selftest/win/vm_load_snapshot.pl new file mode 100644 index 0000000..35e80ba --- /dev/null +++ b/source4/selftest/win/vm_load_snapshot.pl @@ -0,0 +1,46 @@ +#!/usr/bin/perl -w + +# A perl script to connect to a VMware server and revert a VM snapshot. +# Copyright Brad Henry <brad@samba.org> 2006 +# Released under the GNU GPL version 3 or later. + +use VMHost; + +sub check_error { +my $vm = VMHost; + my $custom_err_str = ""; + ($vm, $custom_err_str) = @_; + + my ($err_code, $err_str) = $vm->error; + if ($err_code != 0) { + undef $vm; + die $custom_err_str . "Returned $err_code: $err_str.\n"; + } +} + +# Read in parameters from environment. +my $vm_cfg_path = $ENV{'VM_CFG_PATH'}; +my $host_server_name = $ENV{'HOST_SERVER_NAME'}; +my $host_server_port = $ENV{'HOST_SERVER_PORT'}; +if (!defined($host_server_port)) { + $host_server_port = 902; +} + +my $host_username = $ENV{'HOST_USERNAME'}; +my $host_password = $ENV{'HOST_PASSWORD'}; +my $guest_admin_username = $ENV{'GUEST_ADMIN_USERNAME'}; +my $guest_admin_password = $ENV{'GUEST_ADMIN_PASSWORD'}; + +my $vm = VMHost; + +$vm->host_connect($host_server_name, $host_server_port, $host_username, + $host_password, $vm_cfg_path, $guest_admin_username, + $guest_admin_password); +check_error($vm, "Error in \$vm->host_connect().\n"); + +$vm->revert_snapshot(); +check_error($vm, "Error in \$vm->revert_snapshot().\n"); + +undef $vm; + +exit 0; diff --git a/source4/selftest/win/wintest_2k3_dc.sh b/source4/selftest/win/wintest_2k3_dc.sh new file mode 100755 index 0000000..e77c2e2 --- /dev/null +++ b/source4/selftest/win/wintest_2k3_dc.sh @@ -0,0 +1,120 @@ +#!/bin/sh + +if [ $# -lt 1 ]; then + cat <<EOF +Usage: wintest_2k3_dc.sh TESTGROUP +EOF + exit 1 +fi + +TESTGROUP=$1 + +if [ -z $WINTEST_DIR ]; then + echo "Environment variable WINTEST_DIR not found." + exit 1 +fi + +# This variable is defined in the per-hosts .fns file for build-farm hosts that run windows tests. +if [ -z $WINTESTCONF ]; then + echo "Please point environment variable WINTESTCONF to your test_win.conf file." + exit 1 +fi + +. $WINTESTCONF +. $WINTEST_DIR/wintest_functions.sh + +export WIN2K3_DC_REMOTE_HOST=$(perl -I$WINTEST_DIR $WINTEST_DIR/vm_get_ip.pl WIN2K3_DC_VM_CFG_PATH) + +if [ -z $WIN2K3_DC_REMOTE_HOST ]; then + # Restore snapshot to ensure VM is in a known state, then exit. + restore_snapshot "Test failed to get the IP address of the windows 2003 DC." "$WIN2K3_DC_VM_CFG_PATH" + exit 1 +fi + +server=$WIN2K3_DC_REMOTE_HOST +username=$WIN2K3_DC_USERNAME +password=$WIN2K3_DC_PASSWORD +domain=$WIN2K3_DC_DOMAIN +realm=$WIN2K3_DC_REALM + +OPTIONS="-U$username%$password -W $domain --option realm=$realm" + +all_errs=0 + +on_error() +{ + name=$1 + + all_errs=$(expr $all_errs + 1) + restore_snapshot "$name test failed." "$WIN2K3_DC_VM_CFG_PATH" +} + +drsuapi_tests() +{ + + name="RPC-DRSUAPI on ncacn_ip_tcp with seal" + bin/smbtorture \ + ncacn_ip_tcp:${server}[seal] $OPTIONS \ + RPC-DRSUAPI || on_error "$name" + + name="RPC-DRSUAPI on ncacn_ip_tcp with seal,bigendian" + bin/smbtorture \ + ncacn_ip_tcp:${server}[seal,bigendian] $OPTIONS \ + RPC-DRSUAPI || on_error "$name" +} + +spoolss_tests() +{ + + name="RPC-SPOOLSS on ncacn_np" + bin/smbtorture \ + ncacn_np:$server $OPTIONS \ + RPC-SPOOLSS || on_error "$name" +} + +ncacn_ip_tcp_tests() +{ + bindopt=$1 + transport="ncacn_ip_tcp" + tests="RPC-SCHANNEL RPC-EPMAPPER RPC-SAMR RPC-NETLOGON RPC-LSA RPC-SAMLOGON RPC-SAMSYNC RPC-MULTIBIND" + + for bindoptions in $bindopt; do + for t in $tests; do + name="$t on $transport with $bindoptions" + bin/smbtorture $TORTURE_OPTIONS \ + $transport:${server}[$bindoptions] \ + $OPTIONS $t || on_error "$name" + done + done +} + +ncacn_np_tests() +{ + bindopt=$1 + transport="ncacn_np" + tests="RPC-SCHANNEL RPC-DSSETUP RPC-EPMAPPER RPC-SAMR RPC-WKSSVC RPC-SRVSVC RPC-EVENTLOG RPC-NETLOGON RPC-LSA RPC-SAMLOGON RPC-SAMSYNC RPC-MULTIBIND RPC-WINREG" + + for bindoptions in $bindopt; do + for t in $tests; do + name="$t on $transport with $bindoptions" + bin/smbtorture $TORTURE_OPTIONS \ + $transport:${server}[$bindoptions] \ + $OPTIONS $t || on_error "$name" + done + done +} + +bindoptions="padcheck connect sign seal ntlm,sign ntml,seal $VALIDATE bigendian" + +case $TESTGROUP in +RPC-DRSUAPI) drsuapi_tests ;; +RPC-SPOOLSS) spoolss_tests ;; +ncacn_ip_tcp) ncacn_ip_tcp_tests $bindoptions ;; +ncacn_np) ncacn_np_tests $bindoptions ;; +*) + echo "$TESTGROUP is not a known set of tests." + exit 1 + ;; +esac + +exit $all_errs diff --git a/source4/selftest/win/wintest_base.sh b/source4/selftest/win/wintest_base.sh new file mode 100755 index 0000000..73b0f9c --- /dev/null +++ b/source4/selftest/win/wintest_base.sh @@ -0,0 +1,68 @@ +#!/bin/sh + +. selftest/test_functions.sh + +. selftest/win/wintest_functions.sh + +# This variable is defined in the per-hosts .fns file. +. $WINTESTCONF + +if [ $# -lt 4 ]; then + cat <<EOF +Usage: wintest_base.sh SERVER USERNAME PASSWORD DOMAIN +EOF + exit 1 +fi + +server="$1" +username="$2" +password="$3" +domain="$4" +shift 4 + +export SMBTORTURE_REMOTE_HOST=$server + +base_tests="BASE-UNLINK BASE-ATTR BASE-DELETE BASE-TCON BASE-OPEN BASE-CHKPATH" + +all_errs=0 +err=0 + +on_error() +{ + errstr=$1 + + all_errs=$(expr $all_errs + 1) + restore_snapshot $errstr "$VM_CFG_PATH" +} + +for t in $base_tests; do + test_name="$t / WINDOWS SERVER" + echo -e "\n$test_name SETUP PHASE" + + setup_share_test + + if [ $err_rtn -ne 0 ]; then + # If test setup fails, load VM snapshot and skip test. + on_error "\n$test_name setup failed, skipping test." + else + echo -e "\n$test_name setup completed successfully." + + $SMBTORTURE_BIN_PATH -U $username%$password \ + -W $domain //$server/$SMBTORTURE_REMOTE_SHARE_NAME \ + $t || err=1 + if [ $err -ne 0 ]; then + on_error "\n$test_name failed." + else + echo -e "\n$test_name CLEANUP PHASE" + remove_share_test + if [ $err_rtn -ne 0 ]; then + # If cleanup fails, restore VM snapshot. + on_error "\n$test_name removal failed." + else + echo -e "\n$test_name removal completed successfully." + fi + fi + fi +done + +exit $all_errs diff --git a/source4/selftest/win/wintest_client.exp b/source4/selftest/win/wintest_client.exp new file mode 100644 index 0000000..ccf5d06 --- /dev/null +++ b/source4/selftest/win/wintest_client.exp @@ -0,0 +1,95 @@ +# An expect script to create a temporary file, map a share, copy the file to the share, +# and compare the contents of the two files. +# Copyright Brad Henry <brad@samba.org> 2006 +# Released under the GNU GPL version 3 or later. + +proc run_test { remote_prompt tmp_filename share_drive host_drive buildhost_ip buildhost_share username domain password } { + + # Create the temp file on the windows host and connect to the samba share. + set host_tmpfile "$host_drive\\$tmp_filename" + set err_str [create_tmp_file $remote_prompt $host_tmpfile] + if { $err_str != "OK" } { + return $err_str + } + + set buildhost_sharepoint "\\\\$buildhost_ip\\$buildhost_share" + set err_str [map_share $remote_prompt $share_drive $buildhost_sharepoint $username $domain $password] + if { $err_str != "OK" } { + return $err_str + } + + # Copy the temp file to the share and compare its contents with the original. + set share_tmpfile "$share_drive\\$tmp_filename" + set xcopy_options "" + set err_str [xcopy_file $remote_prompt $host_tmpfile $share_tmpfile $xcopy_options] + if { $err_str != "OK" } { + return $err_str + } + + set err_str [compare_files $remote_prompt $host_tmpfile $share_tmpfile] + if { $err_str != "OK" } { + return $err_str + } + + # Remove files and unmap share. + set err_str [delete_file $remote_prompt $share_tmpfile] + if { $err_str != "OK" } { + return $err_str + } + set err_str [delete_file $remote_prompt $host_tmpfile] + if { $err_str != "OK" } { + return $err_str + } + + set err_str [unmap_share $remote_prompt $share_drive] + if {$err_str != "OK" } { + return $err_str + } + + return $err_str +} + +# Read parameters. +set remote_prompt $env(SMBTORTURE_REMOTE_PROMPT) +set remote_host $env(SMBTORTURE_REMOTE_HOST) +set username $env(SMBTORTURE_USERNAME) +set password $env(SMBTORTURE_PASSWORD) +set timeout $env(SMBTORTURE_EXPECT_TIMEOUT) + +set tmp_filename $env(SMBTORTURE_TMP_FILENAME) + +set share_drive $env(SMBTORTURE_REMOTE_DRIVE_LETTER) +set host_drive "%HOMEDRIVE%" + +set buildhost_ip $env(SMBTORTURE_LOCAL_IP) +set buildhost_share $env(SMBTORTURE_LOCAL_SHARE_NAME) +set buildhost_username $env(SMBTORTURE_LOCAL_USERNAME) +set buildhost_domain $env(SMBTORTURE_LOCAL_DOMAIN) +set buildhost_password $env(SMBTORTURE_LOCAL_PASSWORD) + +set err_val [spawn $env(SHELL)] +if {$err_val == 0} { + puts stderr "Expect failed while spawning a shell process." + exit $err_val +} + +set err_str [telnet_login $remote_prompt $remote_host $username $password] +if {$err_str != "OK"} { + puts stderr "\nFunction telnet_login failed during Samba server testing." + puts stderr "Error was: $err_str." + exit 1 +} + +set err_str [run_test $remote_prompt $tmp_filename $share_drive $host_drive $buildhost_ip $buildhost_share $buildhost_username $buildhost_domain $buildhost_password] +if {$err_str != "OK"} { + puts stderr "\nFunction run_test failed during Samba server testing." + puts stderr "Error was: $err_str." + + # Log off from the telnet server. + send "exit\r\n" + exit 1 +} + +# Log off from the telnet server. +send "exit\r\n" +exit 0 diff --git a/source4/selftest/win/wintest_client.sh b/source4/selftest/win/wintest_client.sh new file mode 100755 index 0000000..b956c71 --- /dev/null +++ b/source4/selftest/win/wintest_client.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +. selftest/test_functions.sh + +. selftest/win/wintest_functions.sh + +# This variable is defined in the per-hosts .fns file. +. $WINTESTCONF + +export SMBTORTURE_REMOTE_HOST=$1 + +test_name="WINDOWS CLIENT / SAMBA SERVER SHARE" + +cat $WINTEST_DIR/common.exp >$TMPDIR/client_test.exp +cat $WINTEST_DIR/wintest_client.exp >>$TMPDIR/client_test.exp + +expect $TMPDIR/client_test.exp || all_errs=$(expr $all_errs + 1) + +if [ $all_errs ] >0; then + # Restore snapshot to ensure VM is in a known state. + restore_snapshot "\n$test_name failed." "$VM_CFG_PATH" +fi + +rm -f $TMPDIR/client_test.exp + +exit $all_errs diff --git a/source4/selftest/win/wintest_functions.sh b/source4/selftest/win/wintest_functions.sh new file mode 100755 index 0000000..9b6bed9 --- /dev/null +++ b/source4/selftest/win/wintest_functions.sh @@ -0,0 +1,54 @@ +#!/bin/sh + +# Setup the windows environment. +# This was the best way I could figure out including library files +# for the moment. +# I was finding that "cat common.exp wintest_setup.exp | expect -f -" +# fails to run, but exits with 0 status something like 1% of the time. + +setup_share_test() +{ + echo -e "\nSetting up windows environment." + cat $WINTEST_DIR/common.exp >$TMPDIR/setup.exp + cat $WINTEST_DIR/wintest_setup.exp >>$TMPDIR/setup.exp + expect $TMPDIR/setup.exp + err_rtn=$? + rm -f $TMPDIR/setup.exp +} + +# Clean up the windows environment after the test has run or failed. +remove_share_test() +{ + echo -e "\nCleaning up windows environment." + cat $WINTEST_DIR/common.exp >$TMPDIR/remove.exp + cat $WINTEST_DIR/wintest_remove.exp >>$TMPDIR/remove.exp + expect $TMPDIR/remove.exp + err_rtn=$? + rm -f $TMPDIR/remove.exp +} + +restore_snapshot() +{ + err_str=$1 + VMX_PATH=$2 + + # Display the error that caused us to restore the snapshot. + echo -e $err_str + + if [ -z $HOST_SERVER_NAME ]; then + # The vmware server is running locally. + vmrun revertToSnapshot "$VMX_PATH" + err_rtn=$? + else + vmrun -h $HOST_SERVER_NAME -P $HOST_SERVER_PORT \ + -u $HOST_USERNAME -p $HOST_PASSWORD \ + revertToSnapshot "$VMX_PATH" + err_rtn=$? + fi + + if [ $err_rtn -eq 0 ]; then + echo "Snapshot restored." + else + echo "Error $err_rtn restoring snapshot!" + fi +} diff --git a/source4/selftest/win/wintest_net.sh b/source4/selftest/win/wintest_net.sh new file mode 100755 index 0000000..4ade861 --- /dev/null +++ b/source4/selftest/win/wintest_net.sh @@ -0,0 +1,63 @@ +#!/bin/sh + +. selftest/test_functions.sh + +. selftest/win/wintest_functions.sh + +# This variable is defined in the per-hosts .fns file. +. $WINTESTCONF + +if [ $# -lt 4 ]; then + cat <<EOF +Usage: wintest_net.sh SERVER USERNAME PASSWORD DOMAIN +EOF + exit 1 +fi + +server="$1" +username="$2" +password="$3" +domain="$4" +shift 4 + +ncacn_np_tests="NET-API-LOOKUP NET-API-LOOKUPHOST NET-API-RPCCONN-BIND NET-API-RPCCONN-SRV NET-API-RPCCONN-DC NET-API-RPCCONN-DCINFO NET-API-LISTSHARES" +#These tests fail on ncacn_np: NET-API-LOOKUPPDC NET-API-CREATEUSER NET-API-DELETEUSER + +ncalrpc_tests="NET-API-RPCCONN-SRV NET-API-RPCCONN-DC NET-API-RPCCONN-DCINFO NET-API-LISTSHARES" +#These tests fail on ncalrpc: NET-API-CREATEUSER NET-API-DELETEUSER + +ncacn_ip_tcp_tests="NET-API-LOOKUP NET-API-LOOKUPHOST NET-API-RPCCONN-SRV NET-API-RPCCONN-DC NET-API-RPCCONN-DCINFO NET-API-LISTSHARES" +#These tests fail on ncacn_ip_tcp: NET-API-LOOKUPPDC NET-API-CREATEUSER NET-API-DELETEUSER + +bind_options="seal,padcheck bigendian" + +test_type="ncalrpc ncacn_np ncacn_ip_tcp" + +all_errs=0 + +on_error() +{ + errstr=$1 + + all_errs=$(expr $all_errs + 1) + restore_snapshot "$errstr" "$VM_CFG_PATH" +} + +for o in $bind_options; do + for transport in $test_type; do + case $transport in + ncalrpc) net_test=$ncalrpc_tests ;; + ncacn_np) net_test=$ncacn_np_tests ;; + ncacn_ip_tcp) net_test=$ncacn_ip_tcp_tests ;; + esac + + for t in $net_test; do + test_name="$t on $transport with $o" + $SMBTORTURE_BIN_PATH -U $username%$password \ + -W $domain ${transport}:${server}[$o] \ + $t || on_error "\n$test_name failed." + done + done +done + +exit $all_errs diff --git a/source4/selftest/win/wintest_raw.sh b/source4/selftest/win/wintest_raw.sh new file mode 100755 index 0000000..d9c97f8 --- /dev/null +++ b/source4/selftest/win/wintest_raw.sh @@ -0,0 +1,69 @@ +#!/bin/sh + +. selftest/test_functions.sh + +. selftest/win/wintest_functions.sh + +# This variable is defined in the per-hosts .fns file. +. $WINTESTCONF + +if [ $# -lt 4 ]; then + cat <<EOF +Usage: wintest_raw.sh SERVER USERNAME PASSWORD DOMAIN +EOF + exit 1 +fi + +server="$1" +username="$2" +password="$3" +domain="$4" +shift 4 + +export SMBTORTURE_REMOTE_HOST=$server + +raw_tests="RAW-QFILEINFO RAW-SFILEINFO-BASE RAW-MKDIR RAW-SEEK RAW-OPEN RAW-WRITE RAW-UNLINK RAW-READ RAW-CLOSE RAW-IOCTL RAW-RENAME RAW-EAS RAW-STREAMS" +# This test fails: RAW-QFSINFO + +all_errs=0 +err=0 + +on_error() +{ + errstr=$1 + all_errs=$(expr $all_errs + 1) + + restore_snapshot "$errstr" "$VM_CFG_PATH" +} + +for t in $raw_tests; do + test_name="$t / WINDOWS SERVER" + echo -e "\n$test_name SETUP PHASE" + + setup_share_test + + if [ $err_rtn -ne 0 ]; then + # If test setup fails, load VM snapshot and skip test. + on_error "\n$test_name setup failed, skipping test." + else + echo -e "\n$test_name setup completed successfully." + + $SMBTORTURE_BIN_PATH -U $username%$password -W $domain \ + //$server/$SMBTORTURE_REMOTE_SHARE_NAME \ + $t || err=1 + if [ $err -ne 0 ]; then + on_error "\n$test_name failed." + else + echo -e "\n$test_name CLEANUP PHASE" + remove_share_test + if [ $err_rtn -ne 0 ]; then + # If cleanup fails, restore VM snapshot. + on_error "\n$test_name removal failed." + else + echo -e "\n$test_name removal completed successfully." + fi + fi + fi +done + +exit $all_errs diff --git a/source4/selftest/win/wintest_remove.exp b/source4/selftest/win/wintest_remove.exp new file mode 100644 index 0000000..36dc4a7 --- /dev/null +++ b/source4/selftest/win/wintest_remove.exp @@ -0,0 +1,71 @@ +# An expect script to remove a directory and share which was +# previously setup for an smbtorture test. +# Copyright Brad Henry <brad@samba.org> 2006 +# Released under the GNU GPL version 3 or later. + +proc remove_test { remote_prompt sharepath sharename hosts_file_path \ + backup_hosts_filename } { + + set err_str [delete_share $remote_prompt $sharename] + if { $err_str != "OK" } { + puts stderr "Error in function delete_share: $err_str." + puts stderr "Function remove_test will continue." + } + + set err_str [delete_directory $remote_prompt $sharepath] + if { $err_str != "OK" } { + puts stderr "Error in function delete_directory: $err_str." + puts stderr "Function remove_test will continue." + } + + # Overwrite the current hosts file with the backup we made during setup. + set err_str [delete_hosts_entry $remote_prompt $hosts_file_path \ + $backup_hosts_filename] + if { $err_str != "OK" } { + puts stderr "Error in function delete_hosts_entry: $err_str." + puts stderr "Function remove_test will continue." + } + return $err_str +} + +# read parameters +set remote_host $env(SMBTORTURE_REMOTE_HOST) +set remote_prompt $env(SMBTORTURE_REMOTE_PROMPT) + +set username $env(SMBTORTURE_USERNAME) +set password $env(SMBTORTURE_PASSWORD) + +set timeout $env(SMBTORTURE_EXPECT_TIMEOUT) + +set sharepath $env(SMBTORTURE_REMOTE_SHARE_PATH) +set sharename $env(SMBTORTURE_REMOTE_SHARE_NAME) + +set backup_hosts_filename $env(REMOTE_BACKUP_HOSTS_FILENAME) +set hosts_file_path $env(REMOTE_HOSTS_FILE_PATH) + +set err_val [spawn $env(SHELL)] +if {$err_val == 0} { + puts stderr "Expect failed while spawning a shell process." + exit $err_val +} + +set err_str [telnet_login $remote_prompt $remote_host $username $password] +if {$err_str != "OK"} { + puts stderr "\nFunction telnet_login failed during cleanup." + puts stderr "Error was: $err_str." + exit 1 +} + +set err_str [remove_test $remote_prompt $sharepath $sharename \ + $hosts_file_path $backup_hosts_filename] +if {$err_str != "OK"} { + puts stderr "\nFunction remove_test failed." + puts stderr "Error was: $err_str." + # Log off from the telnet server. + send "exit\r\n" + exit 1 +} + +# Log off from the telnet server. +send "exit\r\n" +exit 0 diff --git a/source4/selftest/win/wintest_rpc.sh b/source4/selftest/win/wintest_rpc.sh new file mode 100755 index 0000000..8dd127c --- /dev/null +++ b/source4/selftest/win/wintest_rpc.sh @@ -0,0 +1,67 @@ +#!/bin/sh + +. selftest/test_functions.sh + +. selftest/win/wintest_functions.sh + +# This variable is defined in the per-hosts .fns file. +. $WINTESTCONF + +if [ $# -lt 4 ]; then + cat <<EOF +Usage: wintest_rpc.sh SERVER USERNAME PASSWORD DOMAIN +EOF + exit 1 +fi + +server="$1" +username="$2" +password="$3" +domain="$4" +shift 4 + +ncacn_np_tests="RPC-SRVSVC RPC-UNIXINFO RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND" +# These tests fail on ncacn_np: RPC-SPOOLSS RPC-SCHANNEL RPC-JOIN RPC-LSA +# RPC-NETLOGON + +ncalrpc_tests="RPC-UNIXINFO RPC-ECHO" +# These tests fail on ncalrpc: RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP +# RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON + +ncacn_ip_tcp_tests="RPC-UNIXINFO RPC-ECHO" +# These tests fail on ncacn_ip_tcp: RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP +# RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON + +bind_options="seal,padcheck bigendian" + +test_type="ncalrpc ncacn_np ncacn_ip_tcp" + +all_errs=0 + +on_error() +{ + errstr=$1 + all_errs=$(expr $all_errs + 1) + + restore_snapshot "$errstr" "$VM_CFG_PATH" +} + +for o in $bind_options; do + for transport in $test_type; do + case $transport in + ncalrpc) rpc_test=$ncalrpc_tests ;; + ncacn_np) rpc_test=$ncacn_np_tests ;; + ncacn_ip_tcp) rpc_test=$ncacn_ip_tcp_tests ;; + esac + + for t in $rpc_test; do + test_name="$t on $transport with $o" + + $SMBTORTURE_BIN_PATH -U $username%$password \ + -W $domain ${transport}:${server}[$o] \ + $t || on_error "\n$test_name failed." + done + done +done + +exit $all_errs diff --git a/source4/selftest/win/wintest_setup.exp b/source4/selftest/win/wintest_setup.exp new file mode 100644 index 0000000..c48ad14 --- /dev/null +++ b/source4/selftest/win/wintest_setup.exp @@ -0,0 +1,104 @@ +# An expect script to setup a directory and share for an smbtorture test. +# Copyright Brad Henry <brad@samba.org> 2006 +# Released under the GNU GPL version 3 or later. + +proc setup_test { remote_prompt sharepath sharename username local_hostname \ + local_ip hosts_file_path backup_hosts_filename } { + + # If creating the directory fails, remove, then + # re-create the directory. + set err_str [create_directory $remote_prompt $sharepath] + if { $err_str != "OK" } { + if { $err_str != "Directory already exists" } { + puts stderr "\nUnexpected error occurred in setup_test.\n" + puts stderr "Function create_directory returned $err_str." + } else { + puts stdout "\nDirectory $sharepath exists." + } + puts stdout "Re-creating directory $sharepath." + + set err_str [delete_directory $remote_prompt $sharepath] + if { $err_str != "OK" } { + return $err_str + } + set err_str [create_directory $remote_prompt $sharepath] + if { $err_str != "OK" } { + return $err_str + } + } + + # If creating the share fails, remove, then + # re-create the share. + set err_str [create_share $remote_prompt $username $sharepath \ + $sharename] + if { $err_str != "OK" } { + if { $err_str != "The name has already been shared" } { + puts stderr "\nUnexpected error occurred in setup_test." + puts stderr "Function create_share returned $err_str." + } else { + puts stdout "\nShare $sharename exists." + } + puts stdout "Re-creating share $sharename." + + set err_str [delete_share $remote_prompt $sharename] + if { $err_str != "OK" } { + return $err_str + } + set err_str [create_share $remote_prompt $username $sharepath \ + $sharename] + if { $err_str != "OK" } { + return $err_str + } + } + + # Add a hosts file entry on the windows machine for the smbtorture host. + set err_str [create_hosts_entry $remote_prompt $hosts_file_path \ + $local_hostname $local_ip $backup_hosts_filename] + return $err_str +} + +# Read parameters. +set remote_host $env(SMBTORTURE_REMOTE_HOST) +set remote_prompt $env(SMBTORTURE_REMOTE_PROMPT) + +set username $env(SMBTORTURE_USERNAME) +set password $env(SMBTORTURE_PASSWORD) + +set timeout $env(SMBTORTURE_EXPECT_TIMEOUT) + +set sharepath $env(SMBTORTURE_REMOTE_SHARE_PATH) +set sharename $env(SMBTORTURE_REMOTE_SHARE_NAME) + +set local_hostname $env(SMBTORTURE_LOCAL_HOSTNAME) +set local_ip $env(SMBTORTURE_LOCAL_IP) + +set backup_hosts_filename $env(REMOTE_BACKUP_HOSTS_FILENAME) +set hosts_file_path $env(REMOTE_HOSTS_FILE_PATH) + +set err_val [spawn $env(SHELL)] +if {$err_val == 0} { + puts stderr "Expect failed while spawning a shell process." + exit $err_val +} + +set err_str [telnet_login $remote_prompt $remote_host $username $password] +if {$err_str != "OK"} { + puts stderr "\nFunction telnet_login failed during setup." + puts stderr "Error was: $err_str." + exit 1 +} + +set err_str [setup_test $remote_prompt $sharepath $sharename $username \ + $local_hostname $local_ip $hosts_file_path \ + $backup_hosts_filename] +if {$err_str != "OK"} { + puts stderr "\nFunction setup_test failed during setup." + puts stderr "Error was: $err_str." + # Log off from the telnet server. + send "exit\r\n" + exit 1 +} + +# Log off from the telnet server. +send "exit\r\n" +exit 0 |