diff options
Diffstat (limited to 'selftest/expectedfail.d')
-rw-r--r-- | selftest/expectedfail.d/README | 22 | ||||
-rw-r--r-- | selftest/expectedfail.d/encrypted_secrets | 13 | ||||
-rw-r--r-- | selftest/expectedfail.d/labdc | 5 | ||||
-rw-r--r-- | selftest/expectedfail.d/ntlm-auth | 21 | ||||
-rw-r--r-- | selftest/expectedfail.d/ntlmdisabled | 6 | ||||
-rw-r--r-- | selftest/expectedfail.d/ntlmv1-restrictions | 5 | ||||
-rw-r--r-- | selftest/expectedfail.d/samba-4.5-emulation | 4 |
7 files changed, 76 insertions, 0 deletions
diff --git a/selftest/expectedfail.d/README b/selftest/expectedfail.d/README new file mode 100644 index 0000000..5473e6c --- /dev/null +++ b/selftest/expectedfail.d/README @@ -0,0 +1,22 @@ +# Files in this directory contain lists of regular expressions +# matching the names of tests that are *necessarily* expected to fail. +# +# "make test" will not report failures for tests listed here and will +# consider a successful run for any of these tests an error. +# +# They differ from the knownfail tests (selftest/knownfail.d) in that +# the lack of failure here is definitely a problem. The knownfail +# tests might be fixed one day, even accidentally, but these ones will +# not. +# +# Before adding tests here, consider rewriting the test so that the +# expected result is a failure. The tests in here are typically +# testing the use of some protocol or feature on a server that has +# that feature turned off. The same tests will also be run against +# another server where they do not fail. The downside of this method +# is we don't know that these expected fail tests are failing in the +# right way. +# +# Empty lines and lines beginning with '#' are ignored. +# +# Please don't add tests to this README! diff --git a/selftest/expectedfail.d/encrypted_secrets b/selftest/expectedfail.d/encrypted_secrets new file mode 100644 index 0000000..e25a68d --- /dev/null +++ b/selftest/expectedfail.d/encrypted_secrets @@ -0,0 +1,13 @@ +# The fl2000dc environment is provisioned with the --plaintext-secrets option +# running the ecnrypted secrets tests on it and expecting them to fail. +# verifies that: +# * --plaintext-secrets option correctly provisions a domain +# * the dsdb operational module correctly handles unencrypted secrets +# * secrets are not stored as encrypted text when this option is specified +^samba.tests.encrypted_secrets.samba.tests.encrypted_secrets.EncryptedSecretsTests.test_encrypted_secrets\(fl2000dc:local\) +^samba.tests.encrypted_secrets.samba.tests.encrypted_secrets.EncryptedSecretsTests.test_required_features\(fl2000dc:local\) +# +# The tests for bug 13563 https://bugzilla.samba.org/show_bug.cgi?id=13653 +# should fail in the mdb case, as sam.ldb is currently a tdb file. +# +^samba.tests.blackbox.bug13653.samba.tests.blackbox.bug13653.Bug13653Tests.test_mdb_scheme diff --git a/selftest/expectedfail.d/labdc b/selftest/expectedfail.d/labdc new file mode 100644 index 0000000..65eafd5 --- /dev/null +++ b/selftest/expectedfail.d/labdc @@ -0,0 +1,5 @@ +# Because the lab-DC testenv scrubs all user info (apart from the Admin), +# we expect tests relying on other users' credentials to fail. +# These tests fail because they use testallowed and testdenied users. +^samba4.rpc.echo.testallowed.*labdc.* +^samba4.rpc.echo.testdenied.*labdc.* diff --git a/selftest/expectedfail.d/ntlm-auth b/selftest/expectedfail.d/ntlm-auth new file mode 100644 index 0000000..f4cfd64 --- /dev/null +++ b/selftest/expectedfail.d/ntlm-auth @@ -0,0 +1,21 @@ +# NETLOGON is disabled in any non-DC environments +^samba.tests.netlogonsvc.python\(ad_member\) +^samba.tests.netlogonsvc.python\(simpleserver\) +^samba.tests.netlogonsvc.python\(fileserver\) +# NETLOGON is disabled in any non-DC environments +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_2nd_cancel_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_08_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cancel_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cmpx_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_didnot_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_maybe_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_only_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests01\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests02\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests03\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests04\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests05\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_cancel_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_only_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_mix_requests\(ad_member\) +^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_none_only_requests\(ad_member\) diff --git a/selftest/expectedfail.d/ntlmdisabled b/selftest/expectedfail.d/ntlmdisabled new file mode 100644 index 0000000..cbfb49d --- /dev/null +++ b/selftest/expectedfail.d/ntlmdisabled @@ -0,0 +1,6 @@ +# NTLM authentication is (intentionally) disabled in ktest +^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ktest\) +^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ad_dc_no_ntlm\) +# Disabling NTLM means you can't use samr to change the password +^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) +^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) diff --git a/selftest/expectedfail.d/ntlmv1-restrictions b/selftest/expectedfail.d/ntlmv1-restrictions new file mode 100644 index 0000000..c5e915a --- /dev/null +++ b/selftest/expectedfail.d/ntlmv1-restrictions @@ -0,0 +1,5 @@ +# These tests should fail in these environments, as we restrict NTLMv1 +# in both of these, with vampire_dc however allowing MSCHAPv2 +samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(vampire_dc\) +samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExMSCHAPv2\(promoted_dc\) +samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(promoted_dc\) diff --git a/selftest/expectedfail.d/samba-4.5-emulation b/selftest/expectedfail.d/samba-4.5-emulation new file mode 100644 index 0000000..ef0cdf1 --- /dev/null +++ b/selftest/expectedfail.d/samba-4.5-emulation @@ -0,0 +1,4 @@ +# This fails as there is no second DC in this environment, so it is always the owner +samba4.drs.getnc_exop.python\(chgdcpass\).getnc_exop.DrsReplicaSyncTestCase.test_FSMONotOwner\(chgdcpass\) +# This fails because GET_ANC is now poorly implemented (matching Samba 4.5) +^samba4.drs.getnc_exop.python\(chgdcpass\).getnc_exop.DrsReplicaSyncTestCase.test_link_utdv_hwm\(chgdcpass\) |