The branch, master has been updated via 2a0e53374dd selftest: Confirm that the flags like DS_DIRECTORY_SERVICE_9_REQUIRED work via 920e1a5bae3 selftest: Rework samba.tests.getdcname not to use ncalrpc via 1593c9e6588 selftest: Assert that we have a trust in samba.tests.getdcname via 7f692601c5c libcli: Don’t call memcpy() with a NULL pointer via fb759809f89 python:tests: Ensure that we don’t overwrite tests via 7390eb12547 python:tests: Make script executable via d308136a5e5 python:tests: Initialize global variable via 2009166efd4 python:tests: Remove unused imports via c51bffa8fdc python:tests: Exclude Python test directories via 63c228f89f3 python:tests: Fix f-strings via 5dfb090d9cd s4:rpc_server/samr: Log correct authentication description for samr_ChangePasswordUser2() via 838cdd16808 s4:torture: Consistently use NBT_SERVER_* flags via f75b980fff9 s4:torture: Handle new NBT_SERVER_* flags via e14b5974c67 net_ads: Handle new NBT_SERVER_* flags via 2641b4a20e4 samba-tool domain: Handle new NBT_SERVER_* flags via 642079771b5 librpc/idl: Fix indentation via 20ba6e487b0 tests/auth_log: Remove debugging code via de4ce89e0a5 tests/auth_log: Add missing call to tearDownClass() via 76e87c6262d tests/audit_log: Add missing call to tearDown() via a05a9a3e780 tests/auth_log: Remove unnecessary check via 6d68ef23b32 tests/audit_log: Remove unnecessary checks via 4cb869dce44 tests/auth_log: Call discardMessages() on class via 47a0b9a4cbc tests/auth_log: Make discardMessages() more reliable via 5c1ea54cea9 tests/auth_log: Expect no messages when changing a non-existent user’s password via e1884e8038f tests/audit_log: Make discardMessages() more reliable via e2e8c86988a tests/auth_log: Correctly get lp_ctx via af9d1a3d909 tests/auth_log: Remove unneeded len() call via a7ad25a7811 tests/audit_log: Remove unneeded len() call via 40425672fe9 tests/auth_log: Rename ‘self’ parameter to ‘cls’ via 1923abe7e4c tests/auth_log: Rename ‘self’ parameter to ‘cls’ via 1c17d56cc53 tests/auth_log: Correctly check for GUID via ffda69f2d9d tests/audit_log: Correctly check for GUID via 72d5a5a33bc tests/auth_log: Pre-compile GUID regex via b1b7d7561ac tests/krb5: Don’t cache accounts with an assigned policy or silo via dc0d96b058b tests/krb5: Move TestCaseInTempDir to more appropriate place in class hierarchy from 035f6d914d1 vfs_fruit: add fruit:convert_adouble parameter
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 2a0e53374dd8ae26f7f180fb6218363da7d17fec Author: Andrew Bartlett <abart...@samba.org> Date: Thu May 25 16:59:52 2023 +1200 selftest: Confirm that the flags like DS_DIRECTORY_SERVICE_9_REQUIRED work We need to confirm this both for forwarded requests, and also for requests direct to the possible DC. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Mon May 29 23:29:50 UTC 2023 on atb-devel-224 commit 920e1a5bae33391615cd8b66f2f34d7837845aa0 Author: Andrew Bartlett <abart...@samba.org> Date: Thu May 25 16:57:55 2023 +1200 selftest: Rework samba.tests.getdcname not to use ncalrpc This test is able to operate over the network, which aids testing against a comparative windows DC. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit 1593c9e6588cd15b88793d43bee17c060718c134 Author: Andrew Bartlett <abart...@samba.org> Date: Wed May 24 16:28:20 2023 +1200 selftest: Assert that we have a trust in samba.tests.getdcname We must ensure this test cannot became inoperative because the environment it was run against has no trust. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit 7f692601c5ca5f2b846f7ff270044f97d849d7d0 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri May 26 16:05:43 2023 +1200 libcli: Don’t call memcpy() with a NULL pointer Doing so is undefined behaviour. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit fb759809f89d8277542b1106d39939f32a04778e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 17:03:48 2023 +1200 python:tests: Ensure that we don’t overwrite tests If the file iterator returns two entries with the same name, one may overwrite the other. script_iterator() currently ensures this won’t happen, but it pays to be safe. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 7390eb12547fff6964af97916ec3914259d607a2 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 16:28:45 2023 +1200 python:tests: Make script executable Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d308136a5e51f3dd2cef7253b184b8b348ff924f Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 16:28:29 2023 +1200 python:tests: Initialize global variable Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2009166efd40f39cc29a7cf0a3cf97d73df6678d Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 16:57:36 2023 +1200 python:tests: Remove unused imports Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c51bffa8fdcac6f0d49fb4cc7656ab789ab50bc2 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 16:58:30 2023 +1200 python:tests: Exclude Python test directories Practically all of our Kerberos tests are excluded already. Many of our tests aren’t marked as executable, and so aren’t being checked anyway. Rather than having a large list of exclusions which one may easily forget to update, just exclude the test directories. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 63c228f89f381f802c8b551ffb1a4fe2844d3995 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 14:14:11 2023 +1200 python:tests: Fix f-strings Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5dfb090d9cde58edc96b9521af69692208ab656c Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 12:58:09 2023 +1200 s4:rpc_server/samr: Log correct authentication description for samr_ChangePasswordUser2() We would unconditionally log "samr_ChangePasswordUser3", which was misleading. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 838cdd16808d4bc58bdd156f7715df34b388b950 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 09:55:19 2023 +1200 s4:torture: Consistently use NBT_SERVER_* flags Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f75b980fff98370fe09c7f8280b2d61b71f1214b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 09:54:58 2023 +1200 s4:torture: Handle new NBT_SERVER_* flags Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e14b5974c67ee39d7033c6aa7cbf71c6dc46d7ec Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 09:48:19 2023 +1200 net_ads: Handle new NBT_SERVER_* flags Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2641b4a20e4a4f87f6c2c6d5e824d2ed55d01a4b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 09:33:38 2023 +1200 samba-tool domain: Handle new NBT_SERVER_* flags Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 642079771b5a8525e982bdd29c4ceea457c95580 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 09:30:03 2023 +1200 librpc/idl: Fix indentation Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 20ba6e487b08acb390ad35178dc6759a558877aa Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri May 26 15:42:27 2023 +1200 tests/auth_log: Remove debugging code Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit de4ce89e0a507c23aaba2d8719a6943034b213c1 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri May 26 11:50:35 2023 +1200 tests/auth_log: Add missing call to tearDownClass() Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 76e87c6262d73f66f5b2b46204d6aef7526ffa32 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri May 26 11:50:21 2023 +1200 tests/audit_log: Add missing call to tearDown() Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a05a9a3e780e868fe717d03c81d38fe1356b69af Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 12:22:11 2023 +1200 tests/auth_log: Remove unnecessary check This attribute is always truthy. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6d68ef23b3280675d45eb85db7653f2bceaf10c7 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 12:20:06 2023 +1200 tests/audit_log: Remove unnecessary checks These attributes are always truthy. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4cb869dce44b9397cb34f34a918e1bcda8c61223 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 12:16:32 2023 +1200 tests/auth_log: Call discardMessages() on class This makes it clearer that discardMessages() operates on the class. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 47a0b9a4cbc4c13330c3e362e30b2f8795552466 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 12:15:07 2023 +1200 tests/auth_log: Make discardMessages() more reliable It can take two or three calls to msg_ctx.loop_once() before a message comes in. Make sure we get all of the messages. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5c1ea54cea98782db8cec63398c5a28cdd6dd5e9 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri May 26 16:00:50 2023 +1200 tests/auth_log: Expect no messages when changing a non-existent user’s password These log messages come from setUp(), and the fact that we are getting them is merely a side-effect of the unreliability of discardMessages(). Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e1884e8038f9fa663ddf1993a9d1ec96babe2bc9 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu May 25 12:13:28 2023 +1200 tests/audit_log: Make discardMessages() more reliable It can take two or three calls to msg_ctx.loop_once() before a message comes in. Make sure we get all of the messages. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e2e8c86988af26c6a505937d5ef066bdfafa539f Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 14:55:35 2023 +1200 tests/auth_log: Correctly get lp_ctx Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit af9d1a3d9090949a1326d625ce2ebb0fbf2dc152 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 11:11:20 2023 +1200 tests/auth_log: Remove unneeded len() call Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a7ad25a781149f24eb82dc4dee4382ac1cabb2fa Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 11:11:01 2023 +1200 tests/audit_log: Remove unneeded len() call Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 40425672fe992fe52b2529a5a80b3fe1db0bfbc0 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 24 10:13:07 2023 +1200 tests/auth_log: Rename ‘self’ parameter to ‘cls’ This method operates on the class, not on an instance of that class. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1923abe7e4c151300aee78fcbe9cf30c61865ec5 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue May 23 16:45:28 2023 +1200 tests/auth_log: Rename ‘self’ parameter to ‘cls’ This method operates on the class, not on an instance of that class. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1c17d56cc53cc5b4eaeff87ccbea68fb07b7caf1 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue May 23 16:43:10 2023 +1200 tests/auth_log: Correctly check for GUID Pattern.match() only checks the starting portion of the string. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit ffda69f2d9d074867c451b5f880315d126865bd2 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue May 23 16:42:54 2023 +1200 tests/audit_log: Correctly check for GUID Pattern.match() only checks the starting portion of the string. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 72d5a5a33bcf504a2095d2c771737d8feea03d26 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue May 23 16:37:30 2023 +1200 tests/auth_log: Pre-compile GUID regex Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit b1b7d7561acccfec248c6a2f260d81c0f3bacbe2 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri May 26 12:07:42 2023 +1200 tests/krb5: Don’t cache accounts with an assigned policy or silo Such accounts are virtually never reused. Not caching them (thus deleting them early) grants significant time savings. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit dc0d96b058b7b55a5a5ef9954bedcc692da6f8b3 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue May 23 14:47:52 2023 +1200 tests/krb5: Move TestCaseInTempDir to more appropriate place in class hierarchy KDCBaseTest is the only class that makes use of it. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: libcli/cldap/cldap.c | 4 +- librpc/idl/nbt.idl | 4 +- python/samba/netcmd/domain/trust.py | 2 + python/samba/tests/audit_log_base.py | 31 ++++--- python/samba/tests/auth_log_base.py | 39 +++++---- python/samba/tests/auth_log_pass_change.py | 19 ++--- python/samba/tests/getdcname.py | 112 +++++++++++++++++++++----- python/samba/tests/krb5/authn_policy_tests.py | 2 + python/samba/tests/krb5/kdc_base_test.py | 4 +- python/samba/tests/krb5/raw_testcase.py | 4 +- python/samba/tests/source_chars.py | 18 +++-- python/samba/tests/usage.py | 51 +++--------- selftest/knownfail.d/getdcname | 3 + source3/utils/net_ads.c | 44 +++++++++- source4/rpc_server/samr/samr_password.c | 26 ++++-- source4/selftest/tests.py | 2 +- source4/torture/ldap/netlogon.c | 16 ++-- 17 files changed, 254 insertions(+), 127 deletions(-) mode change 100644 => 100755 python/samba/tests/source_chars.py create mode 100644 selftest/knownfail.d/getdcname Changeset truncated at 500 lines: diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c index 6c2bf86c111..8176946e8b5 100644 --- a/libcli/cldap/cldap.c +++ b/libcli/cldap/cldap.c @@ -513,7 +513,9 @@ NTSTATUS cldap_reply_send(struct cldap_socket *cldap, struct cldap_reply *io) goto nomem; } - memcpy(state->blob.data, blob1.data, blob1.length); + if (blob1.data != NULL) { + memcpy(state->blob.data, blob1.data, blob1.length); + } memcpy(state->blob.data+blob1.length, blob2.data, blob2.length); data_blob_free(&blob1); data_blob_free(&blob2); diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl index 021e9538bd7..fd56c46bb5e 100644 --- a/librpc/idl/nbt.idl +++ b/librpc/idl/nbt.idl @@ -360,8 +360,8 @@ interface nbt NBT_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800, /* 2008 / RODC */ NBT_SERVER_FULL_SECRET_DOMAIN_6 = 0x00001000, /* 2008 */ NBT_SERVER_ADS_WEB_SERVICE = 0x00002000, - NBT_SERVER_DS_8 = 0x00004000, /* 2012 */ - NBT_SERVER_DS_9 = 0x00008000, /* 2012R2 */ + NBT_SERVER_DS_8 = 0x00004000, /* 2012 */ + NBT_SERVER_DS_9 = 0x00008000, /* 2012R2 */ NBT_SERVER_DS_10 = 0x00010000, /* 2016 */ NBT_SERVER_HAS_DNS_NAME = 0x20000000, NBT_SERVER_IS_DEFAULT_NC = 0x40000000, diff --git a/python/samba/netcmd/domain/trust.py b/python/samba/netcmd/domain/trust.py index 4a7470869eb..361cb2900fd 100644 --- a/python/samba/netcmd/domain/trust.py +++ b/python/samba/netcmd/domain/trust.py @@ -185,6 +185,8 @@ class DomainTrustCommand(Command): nbt.NBT_SERVER_FULL_SECRET_DOMAIN_6: "FULL_SECRET_DOMAIN_6", nbt.NBT_SERVER_ADS_WEB_SERVICE: "ADS_WEB_SERVICE", nbt.NBT_SERVER_DS_8: "DS_8", + nbt.NBT_SERVER_DS_9: "DS_9", + nbt.NBT_SERVER_DS_10: "DS_10", nbt.NBT_SERVER_HAS_DNS_NAME: "HAS_DNS_NAME", nbt.NBT_SERVER_IS_DEFAULT_NC: "IS_DEFAULT_NC", nbt.NBT_SERVER_FOREST_ROOT: "FOREST_ROOT", diff --git a/python/samba/tests/audit_log_base.py b/python/samba/tests/audit_log_base.py index 18f86a9d310..73d0d8e306c 100644 --- a/python/samba/tests/audit_log_base.py +++ b/python/samba/tests/audit_log_base.py @@ -126,12 +126,12 @@ class AuditLogTestBase(samba.tests.TestCase): self.discardMessages() self.msg_ctx.irpc_remove_name(self.event_type) self.msg_ctx.irpc_remove_name(AUTH_EVENT_NAME) - if self.msg_handler_and_context: - self.msg_ctx.deregister(self.msg_handler_and_context, - msg_type=self.message_type) - if self.auth_handler_and_context: - self.msg_ctx.deregister(self.auth_handler_and_context, - msg_type=MSG_AUTH_LOG) + self.msg_ctx.deregister(self.msg_handler_and_context, + msg_type=self.message_type) + self.msg_ctx.deregister(self.auth_handler_and_context, + msg_type=MSG_AUTH_LOG) + + super().tearDown() def haveExpected(self, expected, dn): if dn is None: @@ -175,13 +175,20 @@ class AuditLogTestBase(samba.tests.TestCase): # Discard any previously queued messages. def discardMessages(self): - self.msg_ctx.loop_once(0.001) - while (len(self.context["messages"]) or - self.context["txnMessage"] is not None): + messages = self.context["messages"] - self.context["messages"] = [] + while True: + messages.clear() self.context["txnMessage"] = None - self.msg_ctx.loop_once(0.001) + + # tevent presumably has other tasks to run, so we might need two or + # three loops before a message comes through. + for _ in range(5): + self.msg_ctx.loop_once(0.001) + + if not messages and self.context["txnMessage"] is None: + # No new messages. We’ve probably got them all. + break GUID_RE = re.compile( "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}") @@ -190,7 +197,7 @@ class AuditLogTestBase(samba.tests.TestCase): # Is the supplied GUID string correctly formatted # def is_guid(self, guid): - return self.GUID_RE.match(guid) + return self.GUID_RE.fullmatch(guid) def get_session(self): return self.auth_context["sessionId"] diff --git a/python/samba/tests/auth_log_base.py b/python/samba/tests/auth_log_base.py index ebe9c3a124a..586719980cb 100644 --- a/python/samba/tests/auth_log_base.py +++ b/python/samba/tests/auth_log_base.py @@ -41,7 +41,7 @@ class AuthLogTestBase(samba.tests.TestCase): if server_conf: lp_ctx = LoadParm(filename_for_non_global_lp=server_conf) else: - samba.tests.env_loadparm() + lp_ctx = samba.tests.env_loadparm() cls.msg_ctx = Messaging((1,), lp_ctx=lp_ctx) cls.msg_ctx.irpc_add_name(AUTH_EVENT_NAME) @@ -72,15 +72,16 @@ class AuthLogTestBase(samba.tests.TestCase): cls.connection = None @classmethod - def tearDownClass(self): - if self.msg_handler_and_context: - self.msg_ctx.deregister(self.msg_handler_and_context, - msg_type=MSG_AUTH_LOG) - self.msg_ctx.irpc_remove_name(AUTH_EVENT_NAME) + def tearDownClass(cls): + cls.msg_ctx.deregister(cls.msg_handler_and_context, + msg_type=MSG_AUTH_LOG) + cls.msg_ctx.irpc_remove_name(AUTH_EVENT_NAME) + + super().tearDownClass() def setUp(self): super(AuthLogTestBase, self).setUp() - self.discardMessages() + type(self).discardMessages() def waitForMessages(self, isLastExpectedMessage, connection=None): """Wait for all the expected messages to arrive @@ -128,11 +129,20 @@ class AuthLogTestBase(samba.tests.TestCase): # Discard any previously queued messages. @classmethod - def discardMessages(self): - self.msg_ctx.loop_once(0.001) - while len(self.context["messages"]): - self.context["messages"] = [] - self.msg_ctx.loop_once(0.001) + def discardMessages(cls): + messages = cls.context["messages"] + + while True: + messages.clear() + + # tevent presumably has other tasks to run, so we might need two or + # three loops before a message comes through. + for _ in range(5): + cls.msg_ctx.loop_once(0.001) + + if not messages: + # No new messages. We’ve probably got them all. + break # Remove any NETLOGON authentication messages # NETLOGON is only performed once per session, so to avoid ordering @@ -147,10 +157,11 @@ class AuthLogTestBase(samba.tests.TestCase): return list(filter(is_not_netlogon, messages)) - GUID_RE = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + GUID_RE = re.compile( + "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}") # # Is the supplied GUID string correctly formatted # def is_guid(self, guid): - return re.match(self.GUID_RE, guid) + return self.GUID_RE.fullmatch(guid) diff --git a/python/samba/tests/auth_log_pass_change.py b/python/samba/tests/auth_log_pass_change.py index 1ca46c586b3..eef2d743684 100644 --- a/python/samba/tests/auth_log_pass_change.py +++ b/python/samba/tests/auth_log_pass_change.py @@ -51,11 +51,6 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): credentials=self.get_credentials(), lp=self.get_loadparm()) - print("ldb %s" % type(self.ldb)) - # Gets back the basedn - base_dn = self.ldb.domain_dn() - print("base_dn %s" % base_dn) - # permit password changes during this test PasswordCommon.allow_password_changes(self, self.ldb) @@ -71,7 +66,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): }) # discard any auth log messages for the password setup - self.discardMessages() + type(self).discardMessages() gnutls_pbkdf2_support = samba.tests.env_get_var_value( 'GNUTLS_PBKDF2_SUPPORT', allow_missing=True) @@ -237,14 +232,12 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): "Did not receive the expected message") # - # Currently this does not get logged, so we expect to only see the log - # entries for the underlying ldap bind. + # Currently this does not get logged, so we expect to see no messages. # def test_ldap_change_password_bad_user(self): def isLastExpectedMessage(msg): - return (msg["type"] == "Authorization" and - msg["Authorization"]["serviceDescription"] == "LDAP" and - msg["Authorization"]["authType"] == "krb5") + # Accept any message we receive. + return True new_password = samba.generate_random_password(32, 32) try: @@ -260,8 +253,8 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): (num, msg) = e.args pass - self.assertTrue(self.waitForMessages(isLastExpectedMessage), - "Did not receive the expected message") + self.assertFalse(self.waitForMessages(isLastExpectedMessage), + "Received unexpected messages") def test_ldap_change_password_bad_original_password(self): def isLastExpectedMessage(msg): diff --git a/python/samba/tests/getdcname.py b/python/samba/tests/getdcname.py index 5b777478bf7..55116bf98dc 100644 --- a/python/samba/tests/getdcname.py +++ b/python/samba/tests/getdcname.py @@ -40,11 +40,12 @@ class GetDCNameEx(samba.tests.TestCase): self.domain = os.environ.get('DOMAIN') self.trust_realm = os.environ.get('TRUST_REALM') self.trust_domain = os.environ.get('TRUST_DOMAIN') + self.trust_server = os.environ.get('TRUST_SERVER') def _call_get_dc_name(self, domain=None, domain_guid=None, site_name=None, ex2=False, flags=0): if self.netlogon_conn is None: - self.netlogon_conn = netlogon.netlogon("ncalrpc:[schannel]", + self.netlogon_conn = netlogon.netlogon(f"ncacn_ip_tcp:{self.server}", self.get_loadparm()) if ex2: @@ -97,8 +98,7 @@ class GetDCNameEx(samba.tests.TestCase): b) The returned domain does not match our own domain c) The domain matches the format requested """ - if self.trust_realm is None: - return + self.assertIsNotNone(self.trust_realm) response_trust = self._call_get_dc_name(domain=self.trust_realm, ex2=True) @@ -137,8 +137,7 @@ class GetDCNameEx(samba.tests.TestCase): Ex calls Ex2 anyways, from now on, just test Ex. """ - if self.trust_realm is None: - return + self.assertIsNotNone(self.trust_realm) response_trust = self._call_get_dc_name(domain=self.trust_realm, flags=netlogon.DS_RETURN_DNS_NAME) @@ -179,8 +178,7 @@ class GetDCNameEx(samba.tests.TestCase): We assume that there is no Invalid-First-Site-Name site. """ - if self.trust_realm is None: - return + self.assertIsNotNone(self.trust_realm) site = 'Invalid-First-Site-Name' try: @@ -199,8 +197,7 @@ class GetDCNameEx(samba.tests.TestCase): We assume that there is no Invalid-First-Site-Name site. """ - if self.trust_realm is None: - return + self.assertIsNotNone(self.trust_realm) site = 'Invalid-First-Site-Name' try: @@ -219,8 +216,7 @@ class GetDCNameEx(samba.tests.TestCase): We assume that there is a Default-First-Site-Name site. """ - if self.trust_realm is None: - return + self.assertIsNotNone(self.trust_realm) site = '' try: @@ -243,8 +239,7 @@ class GetDCNameEx(samba.tests.TestCase): def test_get_dc_over_winbind_netbios(self): """Supply a NETBIOS trust domain name.""" - if self.trust_realm is None: - return + self.assertIsNotNone(self.trust_realm) try: response_trust = self._call_get_dc_name(domain=self.trust_domain, @@ -265,8 +260,7 @@ class GetDCNameEx(samba.tests.TestCase): Currently marked in flapping... """ - if self.trust_realm is None: - return + self.assertIsNotNone(self.trust_realm) site = 'Default-First-Site-Name' try: @@ -287,8 +281,7 @@ class GetDCNameEx(samba.tests.TestCase): def test_get_dc_over_winbind_domain_guid(self): """Ensure that we do not reject requests supplied with a NULL GUID""" - if self.trust_realm is None: - return + self.assertIsNotNone(self.trust_realm) null_guid = GUID() try: @@ -332,8 +325,7 @@ class GetDCNameEx(samba.tests.TestCase): We assume that there is no Invalid-First-Site-Name site. """ - if self.realm is None: - return + self.assertIsNotNone(self.realm) site = 'Invalid-First-Site-Name' try: @@ -451,6 +443,88 @@ class GetDCNameEx(samba.tests.TestCase): self.assertEqual(response.domain_name.lower(), self.realm.lower()) + def test_get_dc_winbind_need_2012r2(self): + """Test requring that we have a FL2012R2 DC as answer + """ + self.assertIsNotNone(self.trust_realm) + + try: + response_trust = self._call_get_dc_name(domain=self.trust_realm, + flags=netlogon.DS_RETURN_DNS_NAME|netlogon.DS_DIRECTORY_SERVICE_9_REQUIRED) + except WERRORError as e: + enum, estr = e.args + self.fail(f"netr_DsRGetDCNameEx failed: {estr}") + + self.assertTrue(response_trust.dc_unc is not None) + self.assertTrue(response_trust.dc_unc.startswith('\\\\')) + self.assertTrue(response_trust.dc_address is not None) + self.assertTrue(response_trust.dc_address.startswith('\\\\')) + + self.assertEqual(response_trust.domain_name.lower(), + self.trust_realm.lower()) + + def test_get_dc_direct_need_2012r2_but_not_found(self): + """Test requring that we have a FL2012R2 DC as answer, aginst the FL2008R2 domain + + This test requires that the DC in the FL2008R2 does not claim + to be 2012R2 capable (off by default in Samba) + + """ + self.assertIsNotNone(self.realm) + + + try: + response = self._call_get_dc_name(domain=self.realm, + flags=netlogon.DS_RETURN_DNS_NAME|netlogon.DS_DIRECTORY_SERVICE_9_REQUIRED) + + self.fail("Failed to detect requirement for 2012 that is not met") + except WERRORError as e: + enum, estr = e.args + if enum != werror.WERR_NO_SUCH_DOMAIN: + self.fail("Failed to detect requirement for 2012 that is not met") + + def test_get_dc_direct_need_2012r2(self): + """Test requring that we have a FL2012R2 DC as answer + """ + self.assertIsNotNone(self.trust_realm) + + self.netlogon_conn = netlogon.netlogon(f"ncacn_ip_tcp:{self.trust_server}", + self.get_loadparm()) + + response_trust = self._call_get_dc_name(domain=self.trust_realm, + flags=netlogon.DS_RETURN_DNS_NAME|netlogon.DS_DIRECTORY_SERVICE_9_REQUIRED) + + self.assertTrue(response_trust.dc_unc is not None) + self.assertTrue(response_trust.dc_unc.startswith('\\\\')) + self.assertTrue(response_trust.dc_address is not None) + self.assertTrue(response_trust.dc_address.startswith('\\\\')) + + self.assertEqual(response_trust.domain_name.lower(), + self.trust_realm.lower()) + + def test_get_dc_winbind_need_2012r2_but_not_found(self): + """Test requring that we have a FL2012R2 DC as answer, aginst the FL2008R2 domain + + This test requires that the DC in the FL2008R2 does not claim + to be 2012R2 capable (off by default in Samba) + + """ + self.assertIsNotNone(self.realm) + + self.netlogon_conn = netlogon.netlogon(f"ncacn_ip_tcp:{self.trust_server}", + self.get_loadparm()) + + + try: + response = self._call_get_dc_name(domain=self.realm, + flags=netlogon.DS_RETURN_DNS_NAME|netlogon.DS_DIRECTORY_SERVICE_9_REQUIRED) + + self.fail("Failed to detect requirement for 2012 that is not met") + except WERRORError as e: + enum, estr = e.args + if enum != werror.WERR_NO_SUCH_DOMAIN: + self.fail("Failed to detect requirement for 2012 that is not met") + # TODO Thorough tests of domain GUID # # The domain GUID does not seem to be authoritative, and seems to be a diff --git a/python/samba/tests/krb5/authn_policy_tests.py b/python/samba/tests/krb5/authn_policy_tests.py index 6182388f262..c94967a2340 100755 --- a/python/samba/tests/krb5/authn_policy_tests.py +++ b/python/samba/tests/krb5/authn_policy_tests.py @@ -130,8 +130,10 @@ class AuthnPolicyTests(KdcTgsBaseTests): members += (member_of,) if assigned_policy is not None: opts['assigned_policy'] = str(assigned_policy) + cached = False # Policies are rarely reused between accounts. if assigned_silo is not None: opts['assigned_silo'] = str(assigned_silo) + cached = False # Silos are rarely reused between accounts. if allowed_rodc: opts['allowed_replication_mock'] = True opts['revealed_to_mock_rodc'] = True diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index 8c258fe711c..b8412cd57ff 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -95,7 +95,7 @@ from samba.samdb import SamDB, dsdb_Dn rc4_bit = security.KERB_ENCTYPE_RC4_HMAC_MD5 aes256_sk_bit = security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK -from samba.tests import delete_force +from samba.tests import TestCaseInTempDir, delete_force import samba.tests.krb5.kcrypto as kcrypto from samba.tests.krb5.raw_testcase import ( KerberosCredentials, @@ -144,7 +144,7 @@ class Principal: self.sid = sid -class KDCBaseTest(RawKerberosTest): +class KDCBaseTest(TestCaseInTempDir, RawKerberosTest): """ Base class for KDC tests. """ diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index e9e882334b4..889a29a38c8 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -48,7 +48,7 @@ from samba.dcerpc.misc import ( ) import samba.tests -from samba.tests import TestCaseInTempDir +from samba.tests import TestCase import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 from samba.tests.krb5.rfc4120_constants import ( @@ -555,7 +555,7 @@ class KerberosTicketCreds: self.sname = sname -class RawKerberosTest(TestCaseInTempDir): +class RawKerberosTest(TestCase): """A raw Kerberos Test case.""" class KpasswdMode(Enum): diff --git a/python/samba/tests/source_chars.py b/python/samba/tests/source_chars.py old mode 100644 new mode 100755 index e0acb38b8f7..0f44aa3a082 --- a/python/samba/tests/source_chars.py +++ b/python/samba/tests/source_chars.py @@ -1,3 +1,4 @@ +#!/usr/bin/env python3 # Unix SMB/CIFS implementation. # # Copyright (C) Catalyst.Net Ltd. 2021 @@ -15,10 +16,13 @@ # You should have received a copy of the GNU General Public License -- Samba Shared Repository