-rw-r--r--selftest/target/Samba4.pm100
-rwxr-xr-xsource4/selftest/tests.sh84
2 files changed, 142 insertions, 42 deletions
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index c19f162d62..0ef280ee16 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1027,6 +1027,50 @@ sub provision_fl2000dc($$)
return $ret;
}
+sub provision_fl2003dc($$)
+{
+ my ($self, $prefix) = @_;
+
+ print "PROVISIONING DC...";
+ my $ret = $self->provision($prefix,
+ "domain controller",
+ "localfl2003dc6",
+ "localfl2003dc",
+ "SAMBA2003",
+ "samba2003.example.com",
+ "2003",
+ 6,
+ "locDCpass6",
+ "127.0.0.6", "");
+
+ $self->add_wins_config("$prefix/private") or
+ die("Unable to add wins configuration");
+
+ return $ret;
+}
+
+sub provision_fl2008r2dc($$)
+{
+ my ($self, $prefix) = @_;
+
+ print "PROVISIONING DC...";
+ my $ret = $self->provision($prefix,
+ "domain controller",
+ "localfl2008r2dc6",
+ "localfl2000r2dc",
+ "SAMBA2008R2",
+ "samba2008R2.example.com",
+ "2008_r2",
+ 7,
+ "locDCpass7",
+ "127.0.0.7", "");
+
+ $self->add_wins_config("$prefix/private") or
+ die("Unable to add wins configuration");
+
+ return $ret;
+}
+
sub teardown_env($$)
{
my ($self, $envvars) = @_;
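Review bot: In provision_fl2008r2dc the fourth argument is `"localfl2000r2dc"`, which looks like a copy-paste slip for `"localfl2008r2dc"`; provision_fl2003dc passes a matching pair of names. The third argument `"localfl2008r2dc6"` also ends in 6, while the rest of this environment uses 7 (`locDCpass7`, `127.0.0.7`). At 16 characters it is over the 15-character NetBIOS name limit if that argument is used as the NetBIOS name; the signature of provision() is outside the hunk, so confirm. Both subs print the same `PROVISIONING DC...` line, so a log cannot tell which functional level is being provisioned; `print "PROVISIONING FL2008R2 DC...";` (and the 2003 equivalent) would fix that.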
@@ -1104,6 +1148,10 @@ sub setup_env($$$)
return $self->setup_dc("$path/dc");
} elsif ($envname eq "fl2000dc") {
return $self->setup_fl2000dc("$path/fl2000dc");
+ } elsif ($envname eq "fl2003dc") {
+ return $self->setup_fl2003dc("$path/fl2003dc");
+ } elsif ($envname eq "fl2008r2dc") {
+ return $self->setup_fl2008r2dc("$path/fl2008r2dc");
} elsif ($envname eq "rpc_proxy") {
if (not defined($self->{vars}->{dc})) {
$self->setup_dc("$path/dc");
@@ -1144,6 +1192,26 @@ sub setup_env($$$)
$ret->{FL2000DC_USERNAME} = $fl2000dc_ret->{USERNAME};
$ret->{FL2000DC_PASSWORD} = $fl2000dc_ret->{PASSWORD};
}
+ if (not defined($self->{vars}->{fl2003dc})) {
+ my $fl2003dc_ret = $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{dc});
+
+ $ret->{FL2003DC_SERVER} = $fl2003dc_ret->{SERVER};
+ $ret->{FL2003DC_SERVER_IP} = $fl2003dc_ret->{SERVER_IP};
+ $ret->{FL2003DC_NETBIOSNAME} = $fl2003dc_ret->{NETBIOSNAME};
+ $ret->{FL2003DC_NETBIOSALIAS} = $fl2003dc_ret->{NETBIOSALIAS};
+ $ret->{FL2003DC_USERNAME} = $fl2003dc_ret->{USERNAME};
+ $ret->{FL2003DC_PASSWORD} = $fl2003dc_ret->{PASSWORD};
+ }
+ if (not defined($self->{vars}->{fl2008r2dc})) {
+ my $fl2008r2dc_ret = $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{dc});
+
+ $ret->{FL2008R2DC_SERVER} = $fl2008r2dc_ret->{SERVER};
+ $ret->{FL2008R2DC_SERVER_IP} = $fl2008r2dc_ret->{SERVER_IP};
+ $ret->{FL2008R2DC_NETBIOSNAME} = $fl2008r2dc_ret->{NETBIOSNAME};
+ $ret->{FL2008R2DC_NETBIOSALIAS} = $fl2008r2dc_ret->{NETBIOSALIAS};
+ $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME};
+ $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD};
+ }
return $ret;
} else {
die("Samba4 can't provide environment '$envname'");
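Review bot: When `$self->{vars}->{fl2003dc}` (or `fl2008r2dc`) is already defined, the new blocks are skipped and `$ret` comes back without any `FL2003DC_*` / `FL2008R2DC_*` keys, so the returned variables depend on which environment was set up first. Reusing the cached environment keeps the result consistent: `my $fl2003dc_ret = $self->{vars}->{fl2003dc} || $self->setup_fl2003dc("$path/fl2003dc");` followed by the six assignments unconditionally. The second argument `$self->{vars}->{dc}` is also dead, since setup_fl2003dc and setup_fl2008r2dc unpack only `($self, $path)`. The enclosing branch of setup_env starts outside the hunk, and the fl2000dc block above it may follow the same pattern.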
@@ -1212,6 +1280,38 @@ sub setup_fl2000dc($$)
return $env;
}
+sub setup_fl2003dc($$)
+{
+ my ($self, $path) = @_;
+
+ my $env = $self->provision_fl2003dc($path);
+
+ $self->check_or_start($env,
+ ($ENV{SMBD_MAXTIME} or 7500));
+
+ $self->wait_for_start($env);
+
+ $self->{vars}->{fl2003dc} = $env;
+
+ return $env;
+}
+
+sub setup_fl2008r2dc($$)
+{
+ my ($self, $path) = @_;
+
+ my $env = $self->provision_fl2008r2dc($path);
+
+ $self->check_or_start($env,
+ ($ENV{SMBD_MAXTIME} or 7500));
+
+ $self->wait_for_start($env);
+
+ $self->{vars}->{fl2008r2dc} = $env;
+
+ return $env;
+}
+
sub setup_vampire_dc($$$)
{
my ($self, $path, $dc_vars) = @_;
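Review bot: setup_fl2003dc and setup_fl2008r2dc pass the result of provision_fl2003dc() / provision_fl2008r2dc() straight to check_or_start() and wait_for_start() without checking it. If provision() can return undef on failure (not visible in this diff), a guard such as `die("Unable to provision fl2003dc") unless defined($env);` would stop the run at the real cause rather than at a later dereference. The two subs differ only in the provision call and the `vars` key, so a shared helper taking the environment name would avoid adding two more copies of setup_fl2000dc.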
diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh
index 129b5ead15..c8f1cd5803 100755
--- a/source4/selftest/tests.sh
+++ b/source4/selftest/tests.sh
@@ -231,56 +231,54 @@ for t in $dfsc; do
plansmbtorturetestsuite "$t" dc $ADDARGS //\$SERVER/ipc$ -U"\$USERNAME"%"\$PASSWORD"
done
-# Tests for the NET API
+# Tests for the NET API (NET-API-BECOME-DC tested below against all the roles)
-net=`$smb4torture --list | grep "^NET-"`
+net=`$smb4torture --list | grep "^NET-" | grep -v NET-API-BECOME-DC`
for t in $net; do
plansmbtorturetestsuite "$t" dc "\$SERVER[$VALIDATE]" -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "$*"
done
-plansmbtorturetestsuite NET-API-BECOME-DC fl2000dc "\$SERVER[$VALIDATE]" -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "$*"
-
-# Tests for session keys
+# Tests for session keys and encryption of RPC pipes
# FIXME: Integrate these into a single smbtorture test
bindoptions=""
transport="ncacn_np"
for ntlmoptions in \
- "-k no --option=usespnego=yes" \
- "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no" \
- "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes" \
- "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=no" \
- "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \
- "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no" \
- "-k no --option=usespnego=yes --option=clientntlmv2auth=yes" \
- "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no" \
- "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \
- "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \
- "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \
- "-k no --option=usespnego=no"; do
- name="rpc.lsa.secrets on $transport with $bindoptions with $ntlmoptions"
- plantestsuite "$name" dc $smb4torture $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN --option=gensec:target_hostname=\$NETBIOSNAME RPC-LSA-SECRETS "$*"
+ "-k no --option=usespnego=yes" \
+ "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no" \
+ "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes" \
+ "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=no" \
+ "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \
+ "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no" \
+ "-k no --option=usespnego=yes --option=clientntlmv2auth=yes" \
+ "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no" \
+ "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \
+ "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \
+ "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \
+ "-k no --option=usespnego=no"; do
+ name="rpc.lsa.secrets on $transport with $bindoptions with $ntlmoptions"
+ plantestsuite "$name" dc $smb4torture $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN --option=gensec:target_hostname=\$NETBIOSNAME RPC-LSA-SECRETS "$*"
done
-plantestsuite "rpc.lsa.secrets on $transport with $bindoptions with Kerberos" dc $smb4torture $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-LSA-SECRETS "$*"
-plantestsuite "rpc.lsa.secrets on $transport with $bindoptions with Kerberos - use target principal" dc $smb4torture $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-LSA-SECRETS "$*"
-plantestsuite "rpc.lsa.secrets on $transport with Kerberos - use Samba3 style login" dc $smb4torture $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" "RPC-LSA-SECRETS-none*" "$*"
-plantestsuite "rpc.lsa.secrets on $transport with Kerberos - use Samba3 style login, use target principal" dc $smb4torture $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=clientusespnegoprincipal=yes" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" "RPC-LSA-SECRETS-none*" "$*"
-
-# Echo tests
-transports="ncacn_np ncacn_ip_tcp ncalrpc"
-for transport in $transports; do
- for bindoptions in connect spnego spnego,sign spnego,seal $VALIDATE padcheck bigendian bigendian,seal; do
- for ntlmoptions in \
- "--option=socket:testnonblock=True --option=torture:quick=yes"; do
- env="dc"
- if test x"$transport" = x"ncalrpc"; then
- env="dc:local"
- fi
- plantestsuite "rpc.echo on $transport with $bindoptions and $ntlmoptions" $env $smb4torture $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" RPC-ECHO "$*"
- done
- done
+transports="ncacn_np ncacn_ip_tcp"
+
+#Kerberos varies between functional levels, so it is important to check this on all of them
+for env in dc fl2000dc fl2003dc fl2008r2dc; do
+ for transport in $transports; do
+ plantestsuite "rpc.lsa.secrets on $transport with $bindoptions with Kerberos" $env $smb4torture $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-LSA-SECRETS "$*"
+ plantestsuite "rpc.lsa.secrets on $transport with $bindoptions with Kerberos - use target principal" $env $smb4torture $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-LSA-SECRETS "$*"
+ plantestsuite "rpc.lsa.secrets on $transport with Kerberos - use Samba3 style login" $env $smb4torture $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" "RPC-LSA-SECRETS-none*" "$*"
+ plantestsuite "rpc.lsa.secrets on $transport with Kerberos - use Samba3 style login, use target principal" $env $smb4torture $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=clientusespnegoprincipal=yes" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" "RPC-LSA-SECRETS-none*" "$*"
+ plansmbtorturetestsuite NET-API-BECOME-DC $env "\$SERVER[$VALIDATE]" -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "$*"
+ plantestsuite "rpc.echo on $transport with $bindoptions and $echooptions" $env $smb4torture $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" RPC-ECHO "$*"
+
+ # Echo tests test bulk Kerberos encryption of DCE/RPC
+ for bindoptions in connect spnego spnego,sign spnego,seal $VALIDATE padcheck bigendian bigendian,seal; do
+ echooptions="--option=socket:testnonblock=True --option=torture:quick=yes -k yes"
+ plantestsuite "rpc.echo on $transport with $bindoptions and $echooptions" $env $smb4torture $transport:"\$SERVER[$bindoptions]" $echooptions -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" RPC-ECHO "$*"
+ done
+ done
done
for transport in $transports; do
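Review bot: The inner `for bindoptions in connect spnego ...` loop reuses the variable that the rpc.lsa.secrets lines above it read, so after the first pass every later transport and environment plans the Kerberos rpc.lsa.secrets tests with `bindoptions` left at `bigendian,seal` instead of the empty value set before the NTLM loop. The rpc.echo line placed before that loop expands `$echooptions` before it is assigned and passes `$ntlmoptions`, which still holds the last value from the earlier loop (`-k no --option=usespnego=no`), so it looks like a leftover and could be dropped. Giving the echo loop its own variable, e.g. `for echobind in connect spnego spnego,sign spnego,seal $VALIDATE padcheck bigendian bigendian,seal; do` with `\$SERVER[$echobind]`, and moving the `echooptions=` assignment above both loops fixes the leak. NET-API-BECOME-DC does not use `$transport`, so planning it inside the transport loop schedules it twice per environment; it belongs directly under `for env in ...`.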
@@ -495,11 +493,13 @@ plantestsuite "winreg.python" dc:local $SUBUNITRUN -U\$USERNAME%\$PASSWORD samba
plantestsuite "ldap.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/ldap.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
plantestsuite "schemaInfo.python" dc PYTHONPATH="$PYTHONPATH:$samba4srcdir/lib/ldb/tests/python/" $SUBUNITRUN dsdb_schema_info -U"\$DOMAIN/\$DC_USERNAME"%"\$DC_PASSWORD"
plantestsuite "urgent_replication.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/urgent_replication.py \$PREFIX_ABS/dc/private/sam.ldb
-plantestsuite "ldap_schema.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/ldap_schema.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
-plantestsuite "ldap.possibleInferiors.python" dc $PYTHON $samba4srcdir/dsdb/samdb/ldb_modules/tests/possibleinferiors.py ldap://\$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
-plantestsuite "ldap.secdesc.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/sec_descriptor.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
-plantestsuite "ldap.acl.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/acl.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
-plantestsuite "ldap.passwords.python" dc PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/passwords.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
+for env in "dc" "fl2000dc" "fl2003dc" "fl2008r2dc"; do
+ plantestsuite "ldap_schema.python" $env PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/ldap_schema.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
+ plantestsuite "ldap.possibleInferiors.python" $env $PYTHON $samba4srcdir/dsdb/samdb/ldb_modules/tests/possibleinferiors.py ldap://\$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
+ plantestsuite "ldap.secdesc.python" $env PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/sec_descriptor.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
+ plantestsuite "ldap.acl.python" $env PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/acl.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
+ plantestsuite "ldap.passwords.python" $env PYTHONPATH="$PYTHONPATH:../lib/subunit/python:../lib/testtools" $PYTHON $samba4srcdir/lib/ldb/tests/python/passwords.py \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN
+done
plantestsuite "upgradeprovisiondc.python" dc:local $SUBUNITRUN samba.tests.upgradeprovisionneeddc
plantestsuite "upgradeprovisionnodc.python" none $SUBUNITRUN samba.tests.upgradeprovision
plantestsuite "xattr.python" none $SUBUNITRUN samba.tests.xattr
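Review bot: Each of the five LDAP suites is now planned four times under the same name (for example `ldap_schema.python`), which makes results and known-failure entries ambiguous unless plantestsuite folds the environment into the reported name; its definition is outside this hunk, so confirm. If it does not, naming the suites per environment, e.g. `plantestsuite "ldap_schema.python($env)" $env ...`, keeps a failure at one functional level distinguishable from the others. A one-line comment above the loop saying why these suites run at every functional level, like the one on the Kerberos loop earlier in the file, would also help.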