selftest: add tests for samba-tool ntacl changedomsid Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Baumbach <bb@sernet.de> Autobuild-Date(master): Tue Jun 18 16:54:22 UTC 2019 on sn-devel-184
selftest: Woraround uid wrapper issues when using bash shell UID_WRAPPER_ROOT=1 is not working properly when tests run in bash shell instead of dash. After some debugging the reason may be dash spawns a subshell to run commands, but bash calls execve instead. Traces attached as reference: /bin/sh -> dash: [2(2)/2 at 17s, 1 errors] samba.blackbox.pdbtest(nt4_dc)(nt4_dc:local) UWRAP_DEBUG(3145) - uwrap_init: Initialize uid_wrapper UWRAP_DEBUG(3145) - uwrap_init_env: uwrap_init_env UWRAP_DEBUG(3145) - uwrap_init: Enabled uid_wrapper as root (real uid=1000) UWRAP_DEBUG(3145) - uwrap_init: Successfully initialized uid_wrapper UWRAP_DEBUG(3144) - uwrap_init: Initialize uid_wrapper UWRAP_DEBUG(3144) - uwrap_init_env: uwrap_init_env UWRAP_DEBUG(3144) - uwrap_init: Enabled uid_wrapper as root (real uid=1000) UWRAP_DEBUG(3144) - uwrap_init: Successfully initialized uid_wrapper /bin/sh -> bash: [2(2)/2 at 17s, 1 errors] samba.blackbox.pdbtest(nt4_dc)(nt4_dc:local) UWRAP_DEBUG(3352) - uwrap_export_ids: uwrap_export_ids UWRAP_DEBUG(3354) - uwrap_export_ids: uwrap_export_ids UWRAP_DEBUG(3354) - uwrap_init: Initialize uid_wrapper UWRAP_DEBUG(3354) - uwrap_init_env: uwrap_init_env UWRAP_DEBUG(3354) - uwrap_init_env: Initialize ruid with 1000 UWRAP_DEBUG(3354) - uwrap_init_env: Initalize euid with 1000 UWRAP_DEBUG(3354) - uwrap_init_env: Initalize suid with 1000 UWRAP_DEBUG(3354) - uwrap_init_env: Initialize ruid with 1000 UWRAP_DEBUG(3354) - uwrap_init_env: Initalize egid with 1000 UWRAP_DEBUG(3354) - uwrap_init_env: Initalize sgid with 1000 UWRAP_DEBUG(3354) - uwrap_init_env: Initalize groups with 4,24,27,30,46,108,1000 UWRAP_DEBUG(3354) - uwrap_init: Enabled uid_wrapper as user (real uid=1000) UWRAP_DEBUG(3354) - uwrap_init: Successfully initialized uid_wrapper UWRAP_DEBUG(3353) - uwrap_export_ids: uwrap_export_ids UWRAP_DEBUG(3353) - uwrap_init: Initialize uid_wrapper UWRAP_DEBUG(3353) - uwrap_init_env: uwrap_init_env UWRAP_DEBUG(3353) - uwrap_init_env: Initialize ruid with 1000 UWRAP_DEBUG(3353) - uwrap_init_env: Initalize euid with 1000 UWRAP_DEBUG(3353) - uwrap_init_env: Initalize suid with 1000 UWRAP_DEBUG(3353) - uwrap_init_env: Initialize ruid with 1000 UWRAP_DEBUG(3353) - uwrap_init_env: Initalize egid with 1000 UWRAP_DEBUG(3353) - uwrap_init_env: Initalize sgid with 1000 UWRAP_DEBUG(3353) - uwrap_init_env: Initalize groups with 4,24,27,30,46,108,1000 UWRAP_DEBUG(3353) - uwrap_init: Enabled uid_wrapper as user (real uid=1000) UWRAP_DEBUG(3353) - uwrap_init: Successfully initialized uid_wrapper Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
dbcheck: don't check expired tombstone objects by default anymore These will be removed anyway and any change on them risks to be an originating update that causes replication problems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144
blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck These tests operate on provision dumps created long ago, they still want to run tests on deleted objects, when the next commits remove processing expired tombstone objects in dbcheck. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
blackbox/dbcheck-links.sh: reproduce lost deleted object problem When a parent object is removed during the tombstone garbage collection before a child object and samba-tool dbcheck runs at the same time, the following can happen: - If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags, samba-tool dbcheck moves the object under the LostAndFound[Config] object (as an originating update!) - The lastKnownParent attribute is removed (as an originating update!) These originating updates cause the object to have an extended time as tombstone. And these changes are replicated to other DCs, which very likely already removed the object completely! This means the destination DC of replication has no chance to handle the object it gets from the source DC with just 2 attributes (name, lastKnownParent). The destination logs something like: No objectClass found in replPropertyMetaData BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
blackbox/*.sh: pass -u to 'diff' This is what we work with every day... BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
blackbox/dbcheck.sh: fix dbcheck_fix_one_way_links cleanup Commit 35bfc62a31c9ad73449594ddd48f76f50e0abade changed dbcheck to not regard old one-way-links as errors. At that time the relavant trigger changed from fix_all_string_dn_component_mismatch to fix_all_old_dn_string_component_mismatch. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2018-16853: Add a test to verify s4u2self doesn't crash BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571 Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
CVE-2018-16853: Fix kinit test on system lacking ldbsearch By fixing bindir variable name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571 Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
netcmd/ldapcmp: pass --skip-missing-dn to LDAPBase This option has default value False, and was actually not passed down from cli to LDAPBase. However, LDAPBase.__init__ has default value True for it. After the change, a few tests using ldapcmp are affected. Add --skip-missing-dn explicitly to keep the behavior consistent, otherwise test will fail. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs/blackbox: PY3 bulk change for python scripts use correct python Change all instance where python scripts are called so that the correct python version as specified by $PYTHON is used Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
dsdb: Add comments explaining the limitations of our current backlink behaviour BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Tim Beale <timbeale@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Oct 30 10:32:51 CET 2018 on sn-devel-144
testprogs/blackbox: add samba4.blackbox.test_primary_group test This demonstrates the bug, that happens when the primaryGroupID of a user is changed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs/blackbox: Use PYTHON env variable for calling python scripts Ensure samba-tool is called with correct python that is defined by $PYTHON Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>