Age | Commit message (Collapse) | Author | Files | Lines |
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
fails.
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
do it manually.
|
|
|
|
exists.
|
|
this better reflects real usage
|
|
During 'net vampire', vampired DC adds information in its own
database, se we need to force replicate vampired_dc to the
first DC to be sure everything is in sync prior starting tests
|
|
metze
|
|
This is needed for a working "OemChangePasswordUser2" operation.
|
|
|
|
|
|
This makes the netbios names more sensible, and the aliases shorter.
(the name localfl2008rc2dc7 was too long...)
Andrew Bartlett
|
|
These tests were chosen particularly because they are known to test things
that vary across the functional levels.
Andrew Bartlett
|
|
|
|
metze
|
|
Now we have 127.0.0.6-10 available for more servers.
metze
|
|
metze
|
|
This gives more room for servers.
Note: socket_wrapper currently only supports 127.0.0.1-16
see MAX_WRAPPED_INTERFACES.
metze
|
|
|
|
This required that we pass the name of the realm down as a parameter,
so we can start up two different realms.
Andrew Bartlett
|
|
This starts a domain controller, after running 'net vampire' to
populate it. We don't use it as the 'all' environment yet, as the
rest of the code isn't quite ready to handle it.
Andrew Bartlett
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The passwords need to be more complex to meet the new complexity criteria.
|
|
thanks to metze for noticing this
|
|
Passing this option greatly reduces the time spent in the test.
Andrew Bartlett
|
|
this is now handled by SMB_CONF_PATH
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This will in future allow us to test 'net vampire' in the test
environment, using the file based DNS lookups to avoid us hitting real
DNS.
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This also changes the 'testenv' code to use a new environment 'all'
(we may wish to make other complex tests depend on this in future),
and exports more names in more namespaces.
Andrew Bartlett
|
|
We don't want rndc calls on the build farm
|
|
|
|
|
|
This speeds up some of the delay based tests by a lot. There is no
need to have long delays during testing.
|
|
This should help debug problems with 'make test' of the LDAP backend,
if a stray listener is still around.
Andrew Bartlett
|
|
This removes a *lot* of duplicated code and the cause of much
administrator frustration. We now handle starting and stopping the
slapd (at least for the provision), and ensure that there is only one
'right' way to configure the OpenLDAP and Fedora DS backend
We now run OpenLDAP in 'cn=config' mode for online configuration.
To test what was the provision-backend code, a new --ldap-dryrun-mode
option has been added to provision. It quits the provision just
before it would start the LDAP binaries
Andrew Bartlett
|
|
To choose the process model, set the environment variable
SAMBA_PROCESS_MODEL to the desired model. This will allow us to enable
the standard process model for some machines in the build farm without
enabling it for all of them. I don't want to just enable it
universally as I am concerned with total memory using during some of
the tests.
|
|
I think we are missing some important messages from the server during
'make test' because we don't show the log file contents during
runs. This patch uses tee to put the log messages to stderr so we can
see any server messages associated with the test that caused them.
|
|
The provision-backend script now starts slapd for us
Andrew Bartlett
|
|
In the releases of OpenLDAP we require (2.4.17) it can guess this much
itself, so no need for us to do it.
Andrew Bartlett
|
|
heres the summary of all changes/extensions:
- Andrew Bartlett's patch to generate indext
- Howard Chu's idea to use nosync on the DB included, but made optional
- slaptest-path is not needed any more (slapd -Ttest is used instead)
and is therefore removed. slapd-path is now recommended when
openldap-backend is chosen.
its also used for olc-conversion
- slapd-detection is now always done by ldapsearch (ldb module),
looking anonymous for objectClass: OpenLDAProotDSE via our ldapi_uri.
- if ldapsearch was not successfull, (no slapd listening on our socket)
slapd is
started via special generated slapdcommand_prov (ldapi_uri only)
- slapd-"provision-process" startup is done via pythons subprocess.
- the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid.
- after provision-backend is finished:
--- slapd.pid is compared with our stored slapd_provision_pid.
if the are unique, slapd.pid will be read out, and the
slapd "provison"-process will be shut down.
--- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri
-> rootDSE.
--- if the pids are different or one of the pid-files is missing, slapd
will not be shut down,
instead an error message is displayed to locate slapd manually
--- extended help-messages (relevant to slapd) are always displayed,
e.g. the commandline with which slapd has to be started when everythings
finished
(slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt))
- upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
|
|
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
|
|
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
Andrew Bartlett
|
|
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.
We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.
Andrew Bartlett
|
|
|
|
metze
|
|
The versions of OpenLDAP that we require don't need us to specify the
location any more - slaptest knows this from it's build time.
Andrew Bartlett
|