diff options
-rw-r--r-- | selftest/target/Samba4.pm | 100 | ||||
-rwxr-xr-x | source4/selftest/tests.sh | 84 |
2 files changed, 142 insertions, 42 deletions
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index c19f162d62..0ef280ee16 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1027,6 +1027,50 @@ sub provision_fl2000dc($$) return $ret; } +sub provision_fl2003dc($$) +{ + my ($self, $prefix) = @_; + + print "PROVISIONING DC..."; + my $ret = $self->provision($prefix, + "domain controller", + "localfl2003dc6", + "localfl2003dc", + "SAMBA2003", + "samba2003.example.com", + "2003", + 6, + "locDCpass6", + "127.0.0.6", ""); + + $self->add_wins_config("$prefix/private") or + die("Unable to add wins configuration"); + + return $ret; +} + +sub provision_fl2008r2dc($$) +{ + my ($self, $prefix) = @_; + + print "PROVISIONING DC..."; + my $ret = $self->provision($prefix, + "domain controller", + "localfl2008r2dc6", + "localfl2000r2dc", + "SAMBA2008R2", + "samba2008R2.example.com", + "2008_r2", + 7, + "locDCpass7", + "127.0.0.7", ""); + + $self->add_wins_config("$prefix/private") or + die("Unable to add wins configuration"); + + return $ret; +} + sub teardown_env($$) { my ($self, $envvars) = @_; @@ -1104,6 +1148,10 @@ sub setup_env($$$) return $self->setup_dc("$path/dc"); } elsif ($envname eq "fl2000dc") { return $self->setup_fl2000dc("$path/fl2000dc"); + } elsif ($envname eq "fl2003dc") { + return $self->setup_fl2003dc("$path/fl2003dc"); + } elsif ($envname eq "fl2008r2dc") { + return $self->setup_fl2008r2dc("$path/fl2008r2dc"); } elsif ($envname eq "rpc_proxy") { if (not defined($self->{vars}->{dc})) { $self->setup_dc("$path/dc"); @@ -1144,6 +1192,26 @@ sub setup_env($$$) $ret->{FL2000DC_USERNAME} = $fl2000dc_ret->{USERNAME}; $ret->{FL2000DC_PASSWORD} = $fl2000dc_ret->{PASSWORD}; } + if (not defined($self->{vars}->{fl2003dc})) { + my $fl2003dc_ret = $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{dc}); + + $ret->{FL2003DC_SERVER} = $fl2003dc_ret->{SERVER}; + $ret->{FL2003DC_SERVER_IP} = $fl2003dc_ret->{SERVER_IP}; + $ret->{FL2003DC_NETBIOSNAME} = $fl2003dc_ret->{NETBIOSNAME}; + $ret->{FL2003DC_NETBIOSALIAS} = $fl2003dc_ret->{NETBIOSALIAS}; + $ret->{FL2003DC_USERNAME} = $fl2003dc_ret->{USERNAME}; + $ret->{FL2003DC_PASSWORD} = $fl2003dc_ret->{PASSWORD}; + } + if (not defined($self->{vars}->{fl2008r2dc})) { + my $fl2008r2dc_ret = $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{dc}); + + $ret->{FL2008R2DC_SERVER} = $fl2008r2dc_ret->{SERVER}; + $ret->{FL2008R2DC_SERVER_IP} = $fl2008r2dc_ret->{SERVER_IP}; + $ret->{FL2008R2DC_NETBIOSNAME} = $fl2008r2dc_ret->{NETBIOSNAME}; + $ret->{FL2008R2DC_NETBIOSALIAS} = $fl2008r2dc_ret->{NETBIOSALIAS}; + $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME}; + $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD}; + } return $ret; } else { die("Samba4 can't provide environment '$envname'"); @@ -1212,6 +1280,38 @@ sub setup_fl2000dc($$) return $env; } +sub setup_fl2003dc($$) +{ + my ($self, $path) = @_; + + my $env = $self->provision_fl2003dc($path); + + $self->check_or_start($env, + ($ENV{SMBD_MAXTIME} or 7500)); + + $self->wait_for_start($env); + + $self->{vars}->{fl2003dc} = $env; + + return $env; +} + +sub setup_fl2008r2dc($$) +{ + my ($self, $path) = @_; + + my $env = $self->provision_fl2008r2dc($path); + + $self->check_or_start($env, + ($ENV{SMBD_MAXTIME} or 7500)); + + $self->wait_for_start($env); + + $self->{vars}->{fl2008r2dc} = $env; + + return $env; +} + sub setup_vampire_dc($$$) { my ($self, $path, $dc_vars) = @_; diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh index 129b5ead15..c8f1cd5803 100755 --- a/source4/selftest/tests.sh +++ b/source4/selftest/tests.sh @@ -231,56 +231,54 @@ for t in $dfsc; do plansmbtorturetestsuite "$t" dc $ADDARGS //\$SERVER/ipc$ -U"\$USERNAME"%"\$PASSWORD" done -# Tests for the NET API +# Tests for the NET API (NET-API-BECOME-DC tested below against all the roles) -net=`$smb4torture --list | grep "^NET-"` +net=`$smb4torture --list | grep "^NET-" | grep -v NET-API-BECOME-DC` for t in $net; do plansmbtorturetestsuite "$t" dc "\$SERVER[$VALIDATE]" -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "$*" done -plansmbtorturetestsuite NET-API-BECOME-DC fl2000dc "\$SERVER[$VALIDATE]" -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "$*" - -# Tests for session keys +# Tests for session keys and encryption of RPC pipes # FIXME: Integrate these into a single smbtorture test bindoptions="" transport="ncacn_np" for ntlmoptions in \ - "-k no --option=usespnego=yes" \ - "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no" \ - "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes" \ - "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=no" \ - "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ - "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no" \ - "-k no --option=usespnego=yes --option=clientntlmv2auth=yes" \ - "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no" \ - "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ - "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \ - "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \ - "-k no --option=usespnego=no"; do - name="rpc.lsa.secrets on $transport with $bindoptions with $ntlmoptions" - plantestsuite "$name" dc $smb4torture $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN --option=gensec:target_hostname=\$NETBIOSNAME RPC-LSA-SECRETS "$*" + "-k no --option=usespnego=yes" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=no" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no" \ + "-k no --option=usespnego=yes --option=clientntlmv2auth=yes" \ + "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no" \ + "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ + "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \ + "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \ + "-k no --option=usespnego=no"; do + name="rpc.lsa.secrets on $transport with $bindoptions with $ntlmoptions" + plantestsuite "$name" dc $smb4torture $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN --option=gensec:target_hostname=\$NETBIOSNAME RPC-LSA-SECRETS "$*" done -plantestsuite "rpc.lsa.secrets on $transport with $bindoptions with Kerberos" dc $smb4torture $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-LSA-SECRETS "$*" -plantestsuite "rpc.lsa.secrets on $transport with $bindoptions with Kerberos - use target principal" dc $smb4torture $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-LSA-SECRETS "$*" -plantestsuite "rpc.lsa.secrets on $transport with Kerberos - use Samba3 style login" dc $smb4torture $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" "RPC-LSA-SECRETS-none*" "$*" -plantestsuite "rpc.lsa.secrets on $transport with Kerberos - use Samba3 style login, use target principal" dc $smb4torture $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=clientusespnegoprincipal=yes" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" "RPC-LSA-SECRETS-none*" "$*" - -# Echo tests -transports="ncacn_np ncacn_ip_tcp ncalrpc" -for transport in $transports; do - for bindoptions in connect spnego spnego,sign spnego,seal $VALIDATE padcheck bigendian bigendian,seal; do - for ntlmoptions in \ - "--option=socket:testnonblock=True --option=torture:quick=yes"; do - env="dc" - if test x"$transport" = x"ncalrpc"; then - env="dc:local" - fi - plantestsuite "rpc.echo on $transport with $bindoptions and $ntlmoptions" $env $smb4torture $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" RPC-ECHO "$*" - done - done +transports="ncacn_np ncacn_ip_tcp" + +#Kerberos varies between functional levels, so it is important to check this on all of them +for env in dc fl2000dc fl2003dc fl2008r2dc; do + for transport in $transports; do + plantestsuite "rpc.lsa.secrets on $transport with $bindoptions with Kerberos" $env $smb4torture $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-LSA-SECRETS "$*" + plantestsuite "rpc.lsa.secrets on $transport with $bindoptions with Kerberos - use target principal" $env $smb4torture $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-LSA-SECRETS "$*" + plantestsuite "rpc.lsa.secrets on $transport with Kerberos - use Samba3 style login" $env $smb4torture $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" "RPC-LSA-SECRETS-none*" "$*" + plantestsuite "rpc.lsa.secrets on $transport with Kerberos - use Samba3 style login, use target principal" $env $smb4torture $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=clientusespnegoprincipal=yes" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" "RPC-LSA-SECRETS-none*" "$*" + plansmbtorturetestsuite NET-API-BECOME-DC $env "\$SERVER[$VALIDATE]" -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "$*" + plantestsuite "rpc.echo on $transport with $bindoptions and $echooptions" $env $smb4torture $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" RPC-ECHO "$*" + + # Echo tests test bulk Kerberos encryption of DCE/RPC + for bindoptions in connect spnego spnego,sign spnego,seal $VALIDATE padcheck bigendian bigendian,seal; do + echooptions="--option=socket:testnonblock=True --option=torture:quick=yes -k yes" + plantestsuite "rpc.echo on $transport with $bindoptions and $echooptions" $env $smb4torture $transport:"\$SERVER[$bindoptions]" $echooptions -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" RPC-ECHO "$*" + done + done done for transport in $transports; do @@ -495,11 +493,13 @@ plantestsuite "winreg.python" dc:local $SUBUNITRUN -U\$USERNAME%\$PASSWORD samba plantestsuite "ldap.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/ldap.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN plantestsuite "schemaInfo.python" dc PYTHONPATH="$PYTHONPATH:$samba4srcdir/lib/ldb/tests/python/" $SUBUNITRUN dsdb_schema_info -U"\$DOMAIN/\$DC_USERNAME"%"\$DC_PASSWORD" plantestsuite "urgent_replication.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/urgent_replication.py \$PREFIX_ABS/dc/private/sam.ldb -plantestsuite "ldap_schema.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/ldap_schema.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN -plantestsuite "ldap.possibleInferiors.python" dc $PYTHON $samba4srcdir/dsdb/samdb/ldb_modules/tests/possibleinferiors.py ldap://\$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN -plantestsuite "ldap.secdesc.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/sec_descriptor.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN -plantestsuite "ldap.acl.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/acl.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN -plantestsuite "ldap.passwords.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/passwords.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN +for env in "dc" "fl2000dc" "fl2003dc" "fl2008r2dc"; do + plantestsuite "ldap_schema.python" $env PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/ldap_schema.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN + plantestsuite "ldap.possibleInferiors.python" $env $PYTHON $samba4srcdir/dsdb/samdb/ldb_modules/tests/possibleinferiors.py ldap://\$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN + plantestsuite "ldap.secdesc.python" $env PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/sec_descriptor.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN + plantestsuite "ldap.acl.python" $env PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/acl.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN + plantestsuite "ldap.passwords.python" $env PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/passwords.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN +done plantestsuite "upgradeprovisiondc.python" dc:local $SUBUNITRUN samba.tests.upgradeprovisionneeddc plantestsuite "upgradeprovisionnodc.python" none $SUBUNITRUN samba.tests.upgradeprovision plantestsuite "xattr.python" none $SUBUNITRUN samba.tests.xattr |