testprogs/blackbox: add samba4.blackbox.test_primary_group test
[garming/samba-autobuild/.git] / source4 / selftest / tests.py
1 #!/usr/bin/python
2 # This script generates a list of testsuites that should be run as part of
3 # the Samba 4 test suite.
4
5 # The output of this script is parsed by selftest.pl, which then decides
6 # which of the tests to actually run. It will, for example, skip all tests
7 # listed in selftest/skip or only run a subset during "make quicktest".
8
9 # The idea is that this script outputs all of the tests of Samba 4, not
10 # just those that are known to pass, and list those that should be skipped
11 # or are known to fail in selftest/skip or selftest/knownfail. This makes it
12 # very easy to see what functionality is still missing in Samba 4 and makes
13 # it possible to run the testsuite against other servers, such as Samba 3 or
14 # Windows that have a different set of features.
15
16 # The syntax for a testsuite is "-- TEST --" on a single line, followed
17 # by the name of the test, the environment it needs and the command to run, all
18 # three separated by newlines. All other lines in the output are considered
19 # comments.
20 from __future__ import print_function
21
22 import os
23 import sys
24 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../selftest"))
25 import selftesthelpers
26 from selftesthelpers import bindir, srcdir, binpath, python
27 from selftesthelpers import configuration, plantestsuite
28 from selftesthelpers import planpythontestsuite, planperltestsuite
29 from selftesthelpers import plantestsuite_loadlist, extra_python
30 from selftesthelpers import skiptestsuite, source4dir, valgrindify
31 from selftesthelpers import smbtorture4_options, smbtorture4_testsuites
32 from selftesthelpers import smbtorture4, ntlm_auth3, samba3srcdir
33
34
35 print("OPTIONS %s" % " ".join(smbtorture4_options), file=sys.stderr)
36
37
38 def plansmbtorture4testsuite(name, env, options, modname=None):
39     return selftesthelpers.plansmbtorture4testsuite(name, env, options,
40                                                     target='samba4', modname=modname)
41
42
43 samba4srcdir = source4dir()
44 samba4bindir = bindir()
45 validate = os.getenv("VALIDATE", "")
46 if validate:
47     validate_list = [validate]
48 else:
49     validate_list = []
50
51 nmblookup4 = binpath('nmblookup4')
52 smbclient4 = binpath('smbclient4')
53
54 bbdir = os.path.join(srcdir(), "testprogs/blackbox")
55
56 # Simple tests for LDAP and CLDAP
57 for auth_type in ['', '-k no', '-k yes']:
58     for auth_level in ['--option=clientldapsaslwrapping=plain', '--sign', '--encrypt']:
59         creds = '-U"$USERNAME%$PASSWORD"'
60         options = creds + ' ' + auth_type + ' ' + auth_level
61         plantestsuite("samba4.ldb.ldap with options %r(ad_dc_ntvfs)" % options, "ad_dc_ntvfs", "%s/test_ldb.sh ldap $SERVER %s" % (bbdir, options))
62
63 # see if we support ADS on the Samba3 side
64 try:
65     config_h = os.environ["CONFIG_H"]
66 except KeyError:
67     config_h = os.path.join(samba4bindir, "default/include/config.h")
68
69 # check available features
70 config_hash = dict()
71 f = open(config_h, 'r')
72 try:
73     lines = f.readlines()
74     config_hash = dict((x[0], ' '.join(x[1:]))
75                        for x in map(lambda line: line.strip().split(' ')[1:],
76                                     filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))
77 finally:
78     f.close()
79
80 have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
81
82 for options in ['-U"$USERNAME%$PASSWORD"']:
83     plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
84                   "%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options))
85
86 creds_options = [
87     '--simple-bind-dn=$USERNAME@$REALM --password=$PASSWORD',
88 ]
89 peer_options = {
90     'SERVER_IP': '$SERVER_IP',
91     'SERVER_NAME': '$SERVER',
92     'SERVER.REALM': '$SERVER.$REALM',
93 }
94 tls_verify_options = [
95     '--option="tlsverifypeer=no_check"',
96     '--option="tlsverifypeer=ca_only"',
97     '--option="tlsverifypeer=ca_and_name_if_available"',
98     '--option="tlsverifypeer=ca_and_name"',
99     '--option="tlsverifypeer=as_strict_as_possible"',
100 ]
101
102 # we use :local for fl2008r2dc because of the self-signed certificate
103 for env in ["ad_dc_ntvfs", "fl2008r2dc:local"]:
104     for peer_key in peer_options.keys():
105         peer_val = peer_options[peer_key]
106         for creds in creds_options:
107             for tls_verify in tls_verify_options:
108                 options = creds + ' ' + tls_verify
109                 plantestsuite("samba4.ldb.simple.ldaps with options %s %s(%s)" % (
110                               peer_key, options, env), env,
111                               "%s/test_ldb_simple.sh ldaps %s %s" % (bbdir, peer_val, options))
112
113 # test all "ldap server require strong auth" combinations
114 for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
115     options = '--simple-bind-dn="$USERNAME@$REALM" --password="$PASSWORD"'
116     plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
117                   env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
118     options += ' --option="tlsverifypeer=no_check"'
119     plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
120                   env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
121
122     auth_options = [
123         '--option=clientldapsaslwrapping=plain',
124         '--sign',
125         '--encrypt',
126         '-k yes --option=clientldapsaslwrapping=plain',
127         '-k yes --sign',
128         '-k yes --encrypt',
129         '-k no --option=clientldapsaslwrapping=plain',
130         '-k no --sign --option=ntlmssp_client:ldap_style_send_seal=no',
131         '-k no --sign',
132         '-k no --encrypt',
133     ]
134
135     for auth_option in auth_options:
136         options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
137         plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
138                       env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
139     options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
140     plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
141                   env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
142
143 for options in ['-U"$USERNAME%$PASSWORD"']:
144     plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
145                   "%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options))
146
147 for t in smbtorture4_testsuites("ldap."):
148     plansmbtorture4testsuite(t, "ad_dc_ntvfs", '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_')
149
150 ldbdir = os.path.join(srcdir(), "lib/ldb")
151 # Don't run LDB tests when using system ldb, as we won't have ldbtest installed
152 if os.path.exists(os.path.join(samba4bindir, "ldbtest")):
153     plantestsuite("ldb.base", "none", "%s/tests/test-tdb-subunit.sh %s" % (ldbdir, samba4bindir))
154 else:
155     skiptestsuite("ldb.base", "Using system LDB, ldbtest not available")
156
157 plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)",
158                        "ad_dc_ntvfs:local",
159                        [python, os.path.join(samba4srcdir, "dsdb/tests/python/attr_from_server.py"),
160                         '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
161
162 # Tests for RPC
163
164 # add tests to this list as they start passing, so we test
165 # that they stay passing
166 ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
167 ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
168 drs_rpc_tests = smbtorture4_testsuites("drs.rpc")
169 ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.drsuapi_w2k8", "rpc.netlogon", "rpc.netlogon.admin", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests
170 slow_ncacn_np_tests = ["rpc.samlogon", "rpc.samr", "rpc.samr.users", "rpc.samr.large-dc", "rpc.samr.users.privileges", "rpc.samr.passwords", "rpc.samr.passwords.pwdlastset", "rpc.samr.passwords.lockout", "rpc.samr.passwords.badpwdcount"]
171 slow_ncacn_ip_tcp_tests = ["rpc.cracknames"]
172
173 all_rpc_tests = ncalrpc_tests + ncacn_np_tests + ncacn_ip_tcp_tests + slow_ncacn_np_tests + slow_ncacn_ip_tcp_tests + ["rpc.lsa.secrets", "rpc.pac", "rpc.samba3-sharesec", "rpc.countcalls"]
174
175 # Make sure all tests get run
176 rpc_tests = smbtorture4_testsuites("rpc.")
177 auto_rpc_tests = filter(lambda t: t not in all_rpc_tests, rpc_tests)
178
179 for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
180     for transport in ["ncalrpc", "ncacn_np", "ncacn_ip_tcp"]:
181         env = "ad_dc_ntvfs"
182         if transport == "ncalrpc":
183             tests = ncalrpc_tests
184             env = "ad_dc_ntvfs:local"
185         elif transport == "ncacn_np":
186             tests = ncacn_np_tests
187         elif transport == "ncacn_ip_tcp":
188             tests = ncacn_ip_tcp_tests
189         else:
190             raise AssertionError("invalid transport %r" % transport)
191         for t in tests:
192             plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
193         plansmbtorture4testsuite('rpc.samba3-sharesec', env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:share=tmp'], "samba4.rpc.samba3.sharesec on %s with %s" % (transport, bindoptions))
194
195 # Plugin S4 DC tests (confirms named pipe auth forwarding).  This can be expanded once kerberos is supported in the plugin DC
196 #
197 for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
198     for t in ncacn_np_tests:
199         env = "ad_dc"
200         transport = "ncacn_np"
201         plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
202
203 for bindoptions in [""] + validate_list + ["bigendian"]:
204     for t in auto_rpc_tests:
205         plansmbtorture4testsuite(t, "ad_dc_ntvfs", ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
206
207 t = "rpc.countcalls"
208 plansmbtorture4testsuite(t, "ad_dc_ntvfs:local", ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s" % t)
209
210 for transport in ["ncacn_np", "ncacn_ip_tcp"]:
211     env = "ad_dc_ntvfs"
212     if transport == "ncacn_np":
213         tests = slow_ncacn_np_tests
214     elif transport == "ncacn_ip_tcp":
215         tests = slow_ncacn_ip_tcp_tests
216     else:
217         raise AssertionError("Invalid transport %r" % transport)
218     for t in tests:
219         bindoptions = ''
220         if t == 'rpc.cracknames':
221             bindoptions = 'seal'
222         plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
223
224 # Tests for the DFS referral calls implementation
225 for t in smbtorture4_testsuites("dfs."):
226     plansmbtorture4testsuite(t, "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
227     plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
228
229 # Tests for the NET API (net.api.become.dc tested below against all the roles)
230 net_tests = filter(lambda x: "net.api.become.dc" not in x, smbtorture4_testsuites("net."))
231 for t in net_tests:
232     plansmbtorture4testsuite(t, "ad_dc_ntvfs", '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
233
234 # Tests for session keys and encryption of RPC pipes
235 # FIXME: Integrate these into a single smbtorture test
236
237 transport = "ncacn_np"
238 for env in ["ad_dc_ntvfs", "nt4_dc"]:
239     for ntlmoptions in [
240         "-k no --option=clientusespnego=yes",
241         "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no",
242         "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes",
243         "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no",
244         "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
245         "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
246         "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes",
247         "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
248         "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
249         "-k no --option=clientusespnego=no --option=clientntlmv2auth=yes",
250         "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes",
251         "-k no --option=clientusespnego=no"]:
252         name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
253         plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
254     plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient4, '$SMB_CONF_PATH', configuration])
255
256 gpo = smbtorture4_testsuites("gpo.")
257 for t in gpo:
258     plansmbtorture4testsuite(t, 'ad_dc:local', ['//$SERVER/sysvol', '-U$USERNAME%$PASSWORD'])
259
260 transports = ["ncacn_np", "ncacn_ip_tcp"]
261
262 # Kerberos varies between functional levels, so it is important to check this on all of them
263 for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc", "ad_dc"]:
264     transport = "ncacn_np"
265     plansmbtorture4testsuite('rpc.pac', env, ["%s:$SERVER[]" % (transport, ), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.pac on %s" % (transport,))
266     plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME', 'rpc.lsa.secrets'], "samba4.rpc.lsa.secrets on %s with Kerberos" % (transport,))
267     plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use target principal" % (transport,))
268     plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=dcom/$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dcom" % (transport,))
269     plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME\$]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dollar" % (transport,))
270     plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal" % (transport,))
271     plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login" % transport)
272     plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME', '--option=gensec_krb5:send_authenticator_checksum=false'], "samba4.rpc.lsa.secrets on %s with Kerberos - use raw-krb5-no-authenticator-checksum style login" % transport)
273     plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:fake_gssapi_krb5=yes', '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login, use target principal" % transport)
274
275     # Winreg tests test bulk Kerberos encryption of DCE/RPC
276     # We test rpc.winreg here too, because the winreg interface if
277     # handled by the source3/rpc_server code.
278     for bindoptions in ["connect", "packet", "krb5", "krb5,packet", "krb5,sign", "krb5,seal", "spnego", "spnego,packet", "spnego,sign", "spnego,seal"]:
279         plansmbtorture4testsuite('rpc.winreg', env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.winreg on %s with %s" % (transport, bindoptions))
280
281     for transport in transports:
282         plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[]" % (transport,), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s" % (transport, ))
283
284         # Echo tests test bulk Kerberos encryption of DCE/RPC
285         for bindoptions in ["connect", "krb5", "krb5,sign", "krb5,seal", "spnego", "spnego,sign", "spnego,seal"] + validate_list + ["padcheck", "bigendian", "bigendian,seal"]:
286             echooptions = "--option=socket:testnonblock=True --option=torture:quick=yes -k yes"
287             plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), echooptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, echooptions))
288
289 for env in ["fl2000dc", "fl2008r2dc"]:
290     plansmbtorture4testsuite("net.api.become.dc", env, '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
291
292 for bindoptions in ["sign", "seal"]:
293     plansmbtorture4testsuite('rpc.backupkey', "ad_dc_ntvfs", ["ncacn_np:$SERVER[%s]" % (bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.backupkey with %s" % (bindoptions))
294
295 for transport in transports:
296     for bindoptions in ["sign", "seal"]:
297         for ntlmoptions in [
298             "--option=ntlmssp_client:ntlm2=yes --option=torture:quick=yes",
299             "--option=ntlmssp_client:ntlm2=no --option=torture:quick=yes",
300             "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
301             "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
302             "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
303             "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
304             "--option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
305             "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes --option=torture:quick=yes",
306             "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes"]:
307             if transport == "ncalrpc":
308                 env = "ad_dc_ntvfs:local"
309             else:
310                 env = "ad_dc_ntvfs"
311             plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, ntlmoptions))
312
313 plansmbtorture4testsuite('rpc.echo', "ad_dc_ntvfs", ['ncacn_np:$SERVER[smb2]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on ncacn_np over smb2")
314 for env in ["ad_dc", "nt4_dc"]:
315     plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_np:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_np with object")
316     plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_ip_tcp:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_ip_tcp with object")
317
318 plansmbtorture4testsuite('ntp.signd', "ad_dc_ntvfs:local", ['ncacn_np:$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.ntp.signd")
319
320 nbt_tests = smbtorture4_testsuites("nbt.")
321 for t in nbt_tests:
322     plansmbtorture4testsuite(t, "ad_dc_ntvfs", "//$SERVER/_none_ -U\"$USERNAME%$PASSWORD\"")
323
324 # Tests against the NTVFS POSIX backend
325 ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"]
326
327 # Filter smb2 tests that should not run against ad_dc_ntvfs
328 smb2_s3only = [
329     "smb2.change_notify_disabled",
330     "smb2.dosmode",
331     "smb2.credits",
332     "smb2.kernel-oplocks",
333     "smb2.durable-v2-delay",
334 ]
335 smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only]
336
337 # The QFILEINFO-IPC test needs to be on ipc$
338 raw = list(filter(lambda x: "raw.qfileinfo.ipc" not in x, smbtorture4_testsuites("raw.")))
339 base = smbtorture4_testsuites("base.")
340
341 netapi = smbtorture4_testsuites("netapi.")
342
343 for t in base + raw + smb2 + netapi:
344     plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$SERVER/tmp', '-U$USERNAME%$PASSWORD'] + ntvfsargs)
345
346 libsmbclient = smbtorture4_testsuites("libsmbclient.")
347 protocols = [ 'NT1', 'SMB3' ]
348 for t in libsmbclient:
349     url = "smb://$USERNAME:$PASSWORD@$SERVER/tmp"
350     if t == "libsmbclient.list_shares":
351         url = "smb://$USERNAME:$PASSWORD@$SERVER"
352
353     for proto in protocols:
354         libsmbclient_testargs = ["--option=torture:smburl=" + url,
355                                  "--option=torture:replace_smbconf=%s/testdata/samba3/smb_new.conf" % srcdir(),
356                                  "--option=torture:clientprotocol=%s" % proto]
357         plansmbtorture4testsuite(t, "ad_dc", ['//$SERVER/tmp', '-U$USERNAME%$PASSWORD'] + libsmbclient_testargs, "samba4.%s.%s" % (t, proto))
358
359 plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
360
361 for t in smbtorture4_testsuites("rap."):
362     plansmbtorture4testsuite(t, "ad_dc_ntvfs", '//$SERVER/IPC\$ -U$USERNAME%$PASSWORD')
363
364 # Tests against the NTVFS CIFS backend
365 for t in base + raw:
366     plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=yes'] + ntvfsargs, modname="samba4.ntvfs.cifs.krb5.%s" % t)
367
368 # Test NTVFS CIFS backend with S4U2Self and S4U2Proxy
369 t = "base.unlink"
370 plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
371 plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=yes'] + ntvfsargs, "samba4.ntvfs.cifs.krb5.%s" % t)
372 plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
373
374 plansmbtorture4testsuite('echo.udp', 'ad_dc_ntvfs:local', '//$SERVER/whatever')
375
376 # Local tests
377 for t in smbtorture4_testsuites("local."):
378     # The local.resolve test needs a name to look up using real system (not emulated) name routines
379     plansmbtorture4testsuite(t, "none", "ncalrpc:localhost")
380
381 # Confirm these tests with the system iconv too
382 for t in ["local.convert_string_handle", "local.convert_string", "local.ndr"]:
383     options = "ncalrpc: --option='iconv:use_builtin_handlers=false'"
384     plansmbtorture4testsuite(t, "none", options,
385                              modname="samba4.%s.system.iconv" % t)
386
387 tdbtorture4 = binpath("tdbtorture")
388 if os.path.exists(tdbtorture4):
389     plantestsuite("tdb.stress", "none", valgrindify(tdbtorture4))
390 else:
391     skiptestsuite("tdb.stress", "Using system TDB, tdbtorture not available")
392
393 plansmbtorture4testsuite("drs.unit", "none", "ncalrpc:")
394
395 # Pidl tests
396 for f in sorted(os.listdir(os.path.join(samba4srcdir, "../pidl/tests"))):
397     if f.endswith(".pl"):
398         planperltestsuite("pidl.%s" % f[:-3], os.path.normpath(os.path.join(samba4srcdir, "../pidl/tests", f)))
399
400 # DNS tests
401 plantestsuite_loadlist("samba.tests.dns", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
402 plantestsuite_loadlist("samba.tests.dns", "rodc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
403 plantestsuite_loadlist("samba.tests.dns", "vampire_dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
404
405 plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns_forwarder.py"), '$SERVER', '$SERVER_IP', '$DNS_FORWARDER1', '$DNS_FORWARDER2', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
406
407 plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
408 plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
409
410 plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
411
412 for t in smbtorture4_testsuites("dns_internal."):
413     plansmbtorture4testsuite(t, "ad_dc_ntvfs:local", '//$SERVER/whavever')
414
415 # Local tests
416 for t in smbtorture4_testsuites("dlz_bind9."):
417     # The dlz_bind9 tests needs to look at the DNS database
418     plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD'])
419
420 planpythontestsuite("nt4_dc", "samba.tests.libsmb_samba_internal", py3_compatible=True)
421
422 # Blackbox Tests:
423 # tests that interact directly with the command-line tools rather than using
424 # the API. These mainly test that the various command-line options of commands
425 # work correctly.
426
427 for env in ["ad_member", "s4member", "ad_dc_ntvfs", "chgdcpass"]:
428     plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])
429
430 plantestsuite("samba4.blackbox.samba_tool(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])
431 plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN'])
432
433 plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
434
435 if have_heimdal_support:
436     for env in ["ad_dc_ntvfs", "ad_dc"]:
437         plantestsuite("samba4.blackbox.pkinit(%s:local)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pkinit_heimdal.sh"), '$SERVER', 'pkinit', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", smbclient4, configuration])
438         plantestsuite("samba4.blackbox.pkinit_pac(%s:local)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pkinit_pac_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", configuration])
439     plantestsuite("samba4.blackbox.kinit(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient4, configuration])
440     plantestsuite("samba4.blackbox.kinit(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "arcfour-hmac-md5", smbclient4, configuration])
441     plantestsuite("samba4.blackbox.kinit(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", smbclient4, configuration])
442     plantestsuite("samba4.blackbox.kinit_trust(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest", "aes256-cts-hmac-sha1-96"])
443     plantestsuite("samba4.blackbox.kinit_trust(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external", "arcfour-hmac-md5"])
444     plantestsuite("samba4.blackbox.export.keytab(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_heimdal.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
445     plantestsuite("samba4.blackbox.kpasswd(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
446 else:
447     plantestsuite("samba4.blackbox.kinit(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
448     plantestsuite("samba4.blackbox.kinit(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
449     plantestsuite("samba4.blackbox.kinit(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration])
450     plantestsuite("samba4.blackbox.kinit_trust(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
451     plantestsuite("samba4.blackbox.kinit_trust(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
452     plantestsuite("samba4.blackbox.export.keytab(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_mit.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4])
453     plantestsuite("samba4.blackbox.kpasswd(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
454
455 plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE'])
456 plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
457 plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
458 plantestsuite("samba4.blackbox.trust_ntlm", "nt4_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$DOMAIN', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
459
460 plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
461 plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
462 plantestsuite("samba4.blackbox.trust_token", "fl2008r2dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'forest'])
463 plantestsuite("samba4.blackbox.trust_token", "fl2003dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
464 plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs'])
465 plantestsuite("samba4.blackbox.password_settings(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_password_settings.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"])
466 plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN'])
467 plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
468 plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4])
469 plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
470 plantestsuite("samba4.blackbox.masktest", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
471 plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
472 plantestsuite("samba4.blackbox.rfc2307_mapping(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
473 plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4])
474 plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
475 plantestsuite("samba4.blackbox.net_ads(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
476 plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'all', '17_18_23'])
477 plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
478 plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
479 plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
480 plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX'])
481 plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "ad_dc_ntvfs", [valgrindify(smbtorture4), "$LISTOPT", "$LOADLIST", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo'])
482 # json tests hook into ``chgdcpass'' to make them run in contributor CI on
483 # gitlab
484 planpythontestsuite("chgdcpass", "samba.tests.blackbox.netads_json")
485
486 # Tests using the "Simple" NTVFS backend
487 for t in ["base.rw1"]:
488     plansmbtorture4testsuite(t, "ad_dc_ntvfs", ["//$SERVER/simple", '-U$USERNAME%$PASSWORD'], modname="samba4.ntvfs.simple.%s" % t)
489
490 # Domain S4member Tests
491 plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.echo against s4member server with local creds")
492 plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], "samba4.rpc.echo against s4member server with domain creds")
493 plansmbtorture4testsuite('rpc.samr', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr against s4member server with local creds")
494 plansmbtorture4testsuite('rpc.samr.users', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr.users against s4member server with local creds",)
495 plansmbtorture4testsuite('rpc.samr.passwords', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr.passwords against s4member server with local creds")
496 plantestsuite("samba4.blackbox.smbclient against s4member server with local creds", "s4member", [os.path.join(samba4srcdir, "client/tests/test_smbclient.sh"), '$NETBIOSNAME', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX', smbclient4])
497
498 # RPC Proxy
499 plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], modname="samba4.rpc.echo against rpc proxy with domain creds")
500
501 # Tests SMB signing
502 for mech in [
503     "-k no",
504     "-k no --option=clientusespnego=no",
505     "-k no --option=gensec:spengo=no",
506     "-k yes",
507     "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
508     for signing in ["--signing=on", "--signing=required"]:
509         signoptions = "%s %s" % (mech, signing)
510         name = "smb.signing on with %s" % signoptions
511         plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], modname="samba4.%s" % name)
512
513 for mech in [
514     "-k no",
515     "-k no --option=clientusespnego=no",
516     "-k no --option=gensec:spengo=no",
517     "-k yes"]:
518     signoptions = "%s --signing=off" % mech
519     name = "smb.signing disabled on with %s" % signoptions
520     plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
521     plansmbtorture4testsuite('base.xcopy', "ad_member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
522     plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], "samba4.%s" % name)
523     plansmbtorture4testsuite('base.xcopy', "ad_dc",
524                              ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name)
525
526 plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient4])
527 for mech in [
528     "-k no",
529     "-k no --option=clientusespnego=no",
530     "-k no --option=gensec:spengo=no"]:
531     signoptions = "%s --signing=off" % mech
532     plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)
533
534 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=yes', '-U%'], modname="samba4.smb.signing --signing=yes anon")
535 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=required', '-U%'], modname="samba4.smb.signing --signing=required anon")
536 plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=no', '-U%'], modname="samba4.smb.signing --signing=no anon")
537
538
539 wb_opts_default = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=1\"", "--option=\"torture:winbindd_separator=/\"", "--option=\"torture:winbindd_netbios_name=$SERVER\"", "--option=\"torture:winbindd_netbios_domain=$DOMAIN\""]
540
541 winbind_ad_client_tests = smbtorture4_testsuites("winbind.struct") + smbtorture4_testsuites("winbind.pac")
542 winbind_wbclient_tests = smbtorture4_testsuites("winbind.wbclient")
543 for env in ["ad_dc", "s4member", "ad_member", "nt4_member"]:
544     wb_opts = wb_opts_default[:]
545     if env in ["ad_member"]:
546         wb_opts += ["--option=\"torture:winbindd_domain_without_prefix=$DOMAIN\""]
547     for t in winbind_ad_client_tests:
548         plansmbtorture4testsuite(t, "%s:local" % env, wb_opts + ['//$SERVER/tmp', '--realm=$REALM', '--machine-pass', '--option=torture:addc=$DC_SERVER'])
549
550 for env in ["nt4_dc", "fl2003dc"]:
551     for t in winbind_wbclient_tests:
552         plansmbtorture4testsuite(t, "%s:local" % env, '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
553
554 for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "s4member", "chgdcpass", "rodc"]:
555     tests = ["--ping", "--separator",
556              "--own-domain",
557              "--all-domains",
558              "--trusted-domains",
559              "--domain-info=BUILTIN",
560              "--domain-info=$DOMAIN",
561              "--online-status",
562              "--online-status --domain=BUILTIN",
563              "--online-status --domain=$DOMAIN",
564              "--check-secret --domain=$DOMAIN",
565              "--change-secret --domain=$DOMAIN",
566              "--check-secret --domain=$DOMAIN",
567              "--online-status --domain=$DOMAIN",
568              "--domain-users",
569              "--domain-groups",
570              "--name-to-sid=$DC_USERNAME",
571              "--name-to-sid=$DOMAIN/$DC_USERNAME",
572              "--user-info=$DOMAIN/$DC_USERNAME",
573              "--user-groups=$DOMAIN/$DC_USERNAME",
574              "--authenticate=$DOMAIN/$DC_USERNAME%$DC_PASSWORD",
575              "--allocate-uid",
576              "--allocate-gid"]
577
578     for t in tests:
579         plantestsuite("samba.wbinfo_simple.%s" % (t.replace(" --", ".").replace("--", "")), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
580
581     plantestsuite(
582         "samba.wbinfo_sids2xids.(%s:local)" % env, "%s:local" % env,
583         [os.path.join(samba3srcdir, "script/tests/test_wbinfo_sids2xids.sh")])
584
585     plantestsuite(
586         "samba.ntlm_auth.diagnostics(%s:local)" % env, "%s:local" % env,
587         [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_diagnostics.sh"), ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration])
588
589     plantestsuite("samba.ntlm_auth.(%s:local)" % env, "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_s3.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration])
590
591 for env in ["s4member_dflt_domain", "s4member"]:
592     for cmd in ["id", "getent"]:
593         users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"]
594         if env == "s4member":
595             users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"]
596         for usr in users:
597             plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir, cmd, usr))
598
599 nsstest4 = binpath("nsstest")
600 for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]:
601     if os.path.exists(nsstest4):
602         plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "shared/libnss_wrapper_winbind.so.2")])
603     else:
604         skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available")
605
606 subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
607 if extra_python is not None:
608     subunitrun3 = valgrindify(extra_python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
609
610
611 def planoldpythontestsuite(env, module, name=None, extra_path=[], environ={}, extra_args=[], py3_compatible=False):
612     environ = dict(environ)
613     py_path = list(extra_path)
614     if py_path:
615         environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
616     args = ["%s=%s" % item for item in environ.items()]
617     args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
618     args += extra_args
619     if name is None:
620         name = module
621     plantestsuite_loadlist(name, env, args)
622     if py3_compatible and extra_python is not None:
623         args[args.index(subunitrun)] = subunitrun3
624         plantestsuite_loadlist(name + ".python3", env, args)
625
626
627 planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
628 planoldpythontestsuite("none", "simple", extra_path=["%s/lib/tdb/python/tests" % srcdir()], name="tdb.python",  py3_compatible=True)
629 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.sam", py3_compatible=True)
630 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dsdb", py3_compatible=True)
631 planpythontestsuite("none", "samba.tests.dsdb_lock", py3_compatible=True)
632 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.bare", py3_compatible=True)
633 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.unix", py3_compatible=True)
634 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc")
635 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.timecmd", py3_compatible=True)
636 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.join", py3_compatible=True)
637
638 planpythontestsuite("none", "samba.tests.samba_tool.visualize", py3_compatible=True)
639
640
641 # test fsmo show
642 for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
643     planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo", py3_compatible=True)
644
645 # test user.edit
646 for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
647     plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
648
649 # We run this test against both AD DC implemetnations because it is
650 # the only test we have of GPO get/set behaviour, and this involves
651 # the file server as well as the LDAP server.
652 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo")
653 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo")
654
655 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True)
656 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True)
657 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user_wdigest",  py3_compatible=True)
658 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.user", py3_compatible=True)
659 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.user_virtualCryptSHA", py3_compatible=True)
660 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script", py3_compatible=True)
661 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.group", py3_compatible=True)
662 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.ou", py3_compatible=True)
663 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.computer", py3_compatible=True)
664 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.forest", py3_compatible=True)
665 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.schema", py3_compatible=True)
666 planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl", py3_compatible=True)
667 planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check",  py3_compatible=True)
668 planpythontestsuite("none", "samba.tests.samba_tool.help", py3_compatible=True)
669 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.passwordsettings", py3_compatible=True)
670
671 # Run these against chgdcpass to share the runtime load
672 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.sites", py3_compatible=True)
673 planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.dnscmd", py3_compatible=True)
674
675 # Run this against chgdcpass to ensure at least one python3 test
676 # against this autobuild target (samba-ad-dc-2)
677 planpythontestsuite("chgdcpass:local", "samba.tests.dcerpc.rpcecho", py3_compatible=True)
678
679 planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
680 planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNAME%$PASSWORD"'])
681 planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
682 planoldpythontestsuite("ad_dc:local", "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
683
684 planoldpythontestsuite(
685     "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
686     extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
687
688 planoldpythontestsuite(
689     "ad_dc:local", "samba.tests.ntacls_backup",
690     extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
691
692 planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
693 planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
694 planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
695 if have_heimdal_support:
696     planoldpythontestsuite("ad_dc:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
697                            environ={'CLIENT_IP': '127.0.0.11',
698                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
699     planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
700                            environ={'CLIENT_IP': '127.0.0.11',
701                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
702     planoldpythontestsuite("ad_dc:local", "samba.tests.auth_log_pass_change", extra_args=['-U"$USERNAME%$PASSWORD"'],
703                            environ={'CLIENT_IP': '127.0.0.11',
704                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
705     planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log_pass_change", extra_args=['-U"$USERNAME%$PASSWORD"'],
706                            environ={'CLIENT_IP': '127.0.0.11',
707                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
708     planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log_ncalrpc", extra_args=['-U"$USERNAME%$PASSWORD"'])
709     planoldpythontestsuite("ad_dc:local", "samba.tests.auth_log_ncalrpc", extra_args=['-U"$USERNAME%$PASSWORD"'])
710     planoldpythontestsuite("ad_dc:local", "samba.tests.auth_log_samlogon",
711                            extra_args=['-U"$USERNAME%$PASSWORD"'],
712                            environ={'CLIENT_IP': '127.0.0.11',
713                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
714     planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log_samlogon",
715                            extra_args=['-U"$USERNAME%$PASSWORD"'],
716                            environ={'CLIENT_IP': '127.0.0.11',
717                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
718     planoldpythontestsuite("ad_dc:local", "samba.tests.auth_log_netlogon",
719                            extra_args=['-U"$USERNAME%$PASSWORD"'],
720                            environ={'CLIENT_IP': '127.0.0.11',
721                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
722     planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log_netlogon",
723                            extra_args=['-U"$USERNAME%$PASSWORD"'],
724                            environ={'CLIENT_IP': '127.0.0.11',
725                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
726     planoldpythontestsuite("ad_dc:local",
727                            "samba.tests.auth_log_netlogon_bad_creds",
728                            extra_args=['-U"$USERNAME%$PASSWORD"'],
729                            environ={'CLIENT_IP': '127.0.0.11',
730                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
731     planoldpythontestsuite("ad_dc_ntvfs:local",
732                            "samba.tests.auth_log_netlogon_bad_creds",
733                            extra_args=['-U"$USERNAME%$PASSWORD"'],
734                            environ={'CLIENT_IP': '127.0.0.11',
735                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
736     planoldpythontestsuite("ad_dc:local", "samba.tests.audit_log_pass_change",
737                            extra_args=['-U"$USERNAME%$PASSWORD"'],
738                            environ={'CLIENT_IP': '127.0.0.11',
739                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
740     planoldpythontestsuite("ad_dc:local", "samba.tests.audit_log_dsdb",
741                            extra_args=['-U"$USERNAME%$PASSWORD"'],
742                            environ={'CLIENT_IP': '127.0.0.11',
743                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
744     planoldpythontestsuite("ad_dc:local", "samba.tests.group_audit",
745                            extra_args=['-U"$USERNAME%$PASSWORD"'],
746                            environ={'CLIENT_IP': '127.0.0.11',
747                                     'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
748
749 planoldpythontestsuite("fl2008r2dc:local",
750                        "samba.tests.getdcname",
751                        extra_args=['-U"$USERNAME%$PASSWORD"'],
752                        py3_compatible=True)
753
754 planoldpythontestsuite("ad_dc",
755                        "samba.tests.net_join_no_spnego",
756                        extra_args=['-U"$USERNAME%$PASSWORD"'],
757                        py3_compatible=True)
758 planoldpythontestsuite("ad_dc",
759                        "samba.tests.net_join",
760                        extra_args=['-U"$USERNAME%$PASSWORD"'],
761                        py3_compatible=True)
762 # Need to test the password hashing in multiple environments to ensure that
763 # all the possible options are covered
764 #
765 # ad_dc:local functional_level >= 2008, gpg keys available
766 planoldpythontestsuite("ad_dc:local",
767                        "samba.tests.password_hash_gpgme",
768                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
769 # ad_dc_ntvfs:local functional level >= 2008, gpg keys not available
770 planoldpythontestsuite("ad_dc_ntvfs:local",
771                        "samba.tests.password_hash_fl2008",
772                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
773 # fl2003dc:local functional level < 2008, gpg keys not available
774 planoldpythontestsuite("fl2003dc:local",
775                        "samba.tests.password_hash_fl2003",
776                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
777 # ad_dc: wDigest values over ldap
778 planoldpythontestsuite("ad_dc",
779                        "samba.tests.password_hash_ldap",
780                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
781 planoldpythontestsuite("ad_dc:local",
782                        "samba.tests.domain_backup",
783                        extra_args=['-U"$USERNAME%$PASSWORD"'])
784 planoldpythontestsuite("none",
785                        "samba.tests.domain_backup_offline")
786 # Encrypted secrets
787 # ensure default provision (ad_dc) and join (vampire_dc)
788 # encrypt secret values on disk.
789 planoldpythontestsuite("ad_dc:local",
790                        "samba.tests.encrypted_secrets",
791                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
792 planoldpythontestsuite("vampire_dc:local",
793                        "samba.tests.encrypted_secrets",
794                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
795 # The fl2000dc environment is provisioned with the --plaintext_secrets option
796 # so this test will fail, which proves the secrets are not being encrypted.
797 # There is an entry in known_fail.d.
798 planoldpythontestsuite("fl2000dc:local",
799                        "samba.tests.encrypted_secrets",
800                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
801
802 planpythontestsuite("none",
803                     "samba.tests.lsa_string",
804                     py3_compatible=True)
805
806 planoldpythontestsuite("ad_dc_ntvfs",
807                        "samba.tests.krb5_credentials",
808                        py3_compatible=True,
809                        extra_args=['-U"$USERNAME%$PASSWORD"'])
810
811 for env in ["ad_dc_ntvfs", "vampire_dc", "promoted_dc"]:
812     planoldpythontestsuite(env,
813                            "samba.tests.py_credentials",
814                            extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
815 planoldpythontestsuite("ad_dc_ntvfs",
816                        "samba.tests.emulate.traffic",
817                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
818 planoldpythontestsuite("ad_dc_ntvfs",
819                        "samba.tests.emulate.traffic_packet",
820                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
821 planoldpythontestsuite("ad_dc_ntvfs",
822                        "samba.tests.blackbox.traffic_replay",
823                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
824 planoldpythontestsuite("ad_dc_ntvfs",
825                        "samba.tests.blackbox.traffic_learner",
826                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
827 planoldpythontestsuite("ad_dc_ntvfs",
828                        "samba.tests.blackbox.traffic_summary",
829                        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
830 planoldpythontestsuite("none", "samba.tests.loadparm")
831
832 #
833 # Want a selection of environments across the process models
834 #
835 for env in ["ad_dc_ntvfs:local", "ad_dc:local",
836             "fl2003dc:local", "fl2008r2dc:local",
837             "promoted_dc:local"]:
838     planoldpythontestsuite(env, "samba.tests.blackbox.smbcontrol", py3_compatible=True)
839
840 plantestsuite_loadlist("samba4.ldap.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
841 plantestsuite_loadlist("samba4.tokengroups.krb5.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(samba4srcdir, "dsdb/tests/python/token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'yes', '$LOADLIST', '$LISTOPT'])
842 plantestsuite_loadlist("samba4.tokengroups.ntlm.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(samba4srcdir, "dsdb/tests/python/token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'no', '$LOADLIST', '$LISTOPT'])
843 plantestsuite("samba4.sam.python(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(samba4srcdir, "dsdb/tests/python/sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
844 plantestsuite("samba4.sam.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
845 plantestsuite("samba4.user_account_control.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
846 planoldpythontestsuite("ad_dc_ntvfs", "dsdb_schema_info",
847                        extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
848                        name="samba4.schemaInfo.python(ad_dc_ntvfs)",
849         extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"'], py3_compatible=True)
850
851 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dsdb_schema_attributes", py3_compatible=True)
852
853 plantestsuite_loadlist("samba4.urgent_replication.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(samba4srcdir, "dsdb/tests/python/urgent_replication.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
854 plantestsuite_loadlist("samba4.ldap.dirsync.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/dirsync.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
855 plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
856 plantestsuite_loadlist("samba4.ldap.notification.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/notification.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
857 plantestsuite_loadlist("samba4.ldap.sites.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/sites.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
858
859 plantestsuite_loadlist("samba4.ldap.sort.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/sort.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
860 plantestsuite_loadlist("samba4.ldap.vlv.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/vlv.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
861 plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(samba4srcdir, "dsdb/tests/python/linked_attributes.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
862
863 # These should be the first tests run against testenvs created by backup/restore
864 for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
865     # check that a restored DC matches the original DC (backupfromdc)
866     plantestsuite("samba4.blackbox.ldapcmp_restore", env,
867                   ["PYTHON=%s" % python,
868                    os.path.join(bbdir, "ldapcmp_restoredc.sh"),
869                    '$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env])
870
871 # we also test joining backupfromdc here, as it's a bit special in that it
872 # doesn't have Default-First-Site-Name
873 for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc',
874             'labdc']:
875     # basic test that we can join the testenv DC
876     plantestsuite("samba4.blackbox.join_ldapcmp", env,
877                   ["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
878
879 plantestsuite_loadlist("samba4.ldap.rodc.python(rodc)", "rodc",
880                        [python,
881                         os.path.join(samba4srcdir, "dsdb/tests/python/rodc.py"),
882                         '$SERVER', '-U"$USERNAME%$PASSWORD"',
883                         '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
884
885 plantestsuite_loadlist("samba4.ldap.rodc_rwdc.python(rodc)", "rodc:local",
886                        [python,
887                         os.path.join(samba4srcdir,
888                                      "dsdb/tests/python/rodc_rwdc.py"),
889                         '$SERVER', '$DC_SERVER', '-U"$USERNAME%$PASSWORD"',
890                         '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
891
892 planoldpythontestsuite("rodc:local", "replica_sync_rodc",
893                        extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
894                        name="samba4.drs.replica_sync_rodc.python(rodc)",
895                        environ={'DC1': '$DC_SERVER', 'DC2': '$RODC_DC_SERVER'},
896                        extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
897                        py3_compatible=True)
898
899 planoldpythontestsuite("ad_dc_ntvfs", "password_settings",
900                        extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
901                        name="samba4.ldap.passwordsettings.python",
902                        extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
903                        py3_compatible=True)
904
905 for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
906     plantestsuite_loadlist("samba4.ldap_schema.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/tests/python/ldap_schema.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
907     plantestsuite("samba4.ldap.possibleInferiors.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/samdb/ldb_modules/tests/possibleinferiors.py"), "ldap://$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN"])
908     plantestsuite_loadlist("samba4.ldap.secdesc.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/tests/python/sec_descriptor.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
909     plantestsuite_loadlist("samba4.ldap.acl.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/tests/python/acl.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
910     if env != "fl2000dc":
911         # This test makes excessive use of the "userPassword" attribute which
912         # isn't available on DCs with Windows 2000 domain function level -
913         # therefore skip it in that configuration
914         plantestsuite_loadlist("samba4.ldap.passwords.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/tests/python/passwords.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", '$LOADLIST', '$LISTOPT'])
915
916 env = "ad_dc_ntvfs"
917 plantestsuite_loadlist("samba4.ldap.confidential_attr.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/tests/python/confidential_attr.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
918
919 for env in ["ad_dc_ntvfs"]:
920     # This test takes a lot of time, so we run it against a minimum of
921     # environments, please only add new ones if there's really a
922     # difference we need to test
923     plantestsuite_loadlist("samba4.ldap.password_lockout.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/tests/python/password_lockout.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM", '$LOADLIST', '$LISTOPT'])
924     planoldpythontestsuite(env, "tombstone_reanimation",
925                            name="samba4.tombstone_reanimation.python",
926                            environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME', 'TEST_PASSWORD': '$PASSWORD'},
927                            extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], py3_compatible=True
928                            )
929
930 # this is a basic sanity-check of Kerberos/NTLM user login
931 for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc"]:
932     plantestsuite_loadlist("samba4.ldap.login_basics.python(%s)" % env, env,
933                            [python, os.path.join(samba4srcdir, "dsdb/tests/python/login_basics.py"),
934                             "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM",
935                             '$LOADLIST', '$LISTOPT'])
936
937 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.upgradeprovisionneeddc", py3_compatible=True)
938 planpythontestsuite("ad_dc:local", "samba.tests.posixacl", py3_compatible=True)
939 planpythontestsuite("ad_dc_no_nss:local", "samba.tests.posixacl", py3_compatible=True)
940 plantestsuite_loadlist("samba4.deletetest.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/deletetest.py"),
941                                                                                 '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
942 plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
943 plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision'])
944 plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision'])
945 plantestsuite("samba4.blackbox.supported_features", "none",
946               ["PYTHON=%s" % python,
947                os.path.join(samba4srcdir,
948                             "setup/tests/blackbox_supported_features.sh"),
949                '$PREFIX/provision'])
950 plantestsuite("samba4.blackbox.start_backup", "none",
951               ["PYTHON=%s" % python,
952                os.path.join(samba4srcdir,
953                             "setup/tests/blackbox_start_backup.sh"),
954                '$PREFIX/provision'])
955 plantestsuite("samba4.blackbox.upgradeprovision.current", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_upgradeprovision.sh"), '$PREFIX/provision'])
956 plantestsuite("samba4.blackbox.setpassword.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_setpassword.sh"), '$PREFIX/provision'])
957 plantestsuite("samba4.blackbox.newuser.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_newuser.sh"), '$PREFIX/provision'])
958 plantestsuite("samba4.blackbox.group.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_group.sh"), '$PREFIX/provision'])
959 plantestsuite("samba4.blackbox.spn.py(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_spn.sh"), '$PREFIX/ad_dc_ntvfs'])
960 plantestsuite_loadlist("samba4.ldap.bind(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(srcdir(), "auth/credentials/tests/bind.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '$LOADLIST', '$LISTOPT'])
961
962 # This makes sure we test the rid allocation code
963 t = "rpc.samr.large-dc"
964 plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname=("samba4.%s.one" % t))
965 plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s.two" % t)
966
967 # RPC smoke-tests for testenvs of interest (RODC, etc)
968 for env in ['rodc', 'offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
969     plansmbtorture4testsuite('rpc.echo', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
970     plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
971     plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
972     plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied")
973     plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])
974
975 planpythontestsuite("rodc:local", "samba.tests.samba_tool.rodc", py3_compatible=True)
976
977 plantestsuite("samba.blackbox.rpcclient_samlogon", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
978                                                                   "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
979
980 plantestsuite("samba.blackbox.rpcclient_samlogon_testallowed", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
981                                                                               "testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
982
983 plantestsuite("samba.blackbox.rpcclient_samlogon_testdenied", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
984                                                                              "testdenied", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
985
986
987 plantestsuite("samba4.blackbox.provision-backend", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision-backend.sh"), '$PREFIX/provision'])
988
989 # Test renaming the DC
990 plantestsuite("samba4.blackbox.renamedc.sh", "none", ["PYTHON=%s" % python, os.path.join(bbdir, "renamedc.sh"), '$PREFIX/provision'])
991
992 # DRS python tests
993
994 env = 'vampire_dc'
995 planoldpythontestsuite(env, "ridalloc_exop",
996                        extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
997                        name="samba4.drs.ridalloc_exop.python(%s)" % env,
998                        environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
999                        extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1000                        py3_compatible=True)
1001
1002 for env in ['vampire_dc', 'promoted_dc']:
1003     planoldpythontestsuite("%s:local" % env, "samba_tool_drs",
1004                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1005                            name="samba4.drs.samba_tool_drs.python(%s)" % env,
1006                            environ={'DC1': '$DC_SERVER', 'DC2': '$%s_SERVER' % env.upper()},
1007                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1008                            py3_compatible=True)
1009     planoldpythontestsuite("%s:local" % env, "samba_tool_drs_showrepl",
1010                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1011                            name="samba4.drs.samba_tool_drs_showrepl.python(%s)" % env,
1012                            environ={'DC1': '$DC_SERVER', 'DC2': '$%s_SERVER' % env.upper()},
1013                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1014                            py3_compatible=True)
1015     planoldpythontestsuite("%s:local" % env, "replica_sync",
1016                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1017                            name="samba4.drs.replica_sync.python(%s)" % env,
1018                            environ={'DC1': '$DC_SERVER', 'DC2': '$%s_SERVER' % env.upper()},
1019                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1020                            py3_compatible=True)
1021     planoldpythontestsuite(env, "delete_object",
1022                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1023                            name="samba4.drs.delete_object.python(%s)" % env,
1024                            environ={'DC1': '$DC_SERVER', 'DC2': '$%s_SERVER' % env.upper()},
1025                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1026                            py3_compatible=True)
1027     planoldpythontestsuite(env, "fsmo",
1028                            name="samba4.drs.fsmo.python(%s)" % env,
1029                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1030                            environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
1031                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1032                            py3_compatible=True)
1033     planoldpythontestsuite(env, "repl_move",
1034                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1035                            name="samba4.drs.repl_move.python(%s)" % env,
1036                            environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
1037                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1038                            py3_compatible=True)
1039     planoldpythontestsuite(env, "getnc_exop",
1040                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1041                            name="samba4.drs.getnc_exop.python(%s)" % env,
1042                            environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
1043                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1044                            py3_compatible=True)
1045     planoldpythontestsuite(env, "getnc_unpriv",
1046                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1047                            name="samba4.drs.getnc_unpriv.python(%s)" % env,
1048                            environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
1049                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1050                            py3_compatible=True)
1051     planoldpythontestsuite(env, "linked_attributes_drs",
1052                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1053                            name="samba4.drs.linked_attributes_drs.python(%s)" % env,
1054                            environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
1055                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
1056     planoldpythontestsuite(env, "link_conflicts",
1057                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1058                            name="samba4.drs.link_conflicts.python(%s)" % env,
1059                            environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
1060                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1061                            py3_compatible=True)
1062
1063 for env in ['vampire_dc', 'promoted_dc', 'vampire_2000_dc']:
1064     planoldpythontestsuite(env, "repl_schema",
1065                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1066                            name="samba4.drs.repl_schema.python(%s)" % env,
1067                            environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
1068                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1069                            py3_compatible=True)
1070
1071 # A side-effect of the getncchanges tests is that they will create hundreds of
1072 # tombstone objects, so run them last to avoid interferring with (and slowing
1073 # down) the other DRS tests
1074 for env in ['vampire_dc', 'promoted_dc']:
1075     planoldpythontestsuite(env, "getncchanges",
1076                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1077                            name="samba4.drs.getncchanges.python(%s)" % env,
1078                            environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()},
1079                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1080                            py3_compatible=True)
1081
1082 for env in ['ad_dc_ntvfs']:
1083     planoldpythontestsuite(env, "repl_rodc",
1084                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1085                            name="samba4.drs.repl_rodc.python(%s)" % env,
1086                            environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
1087                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1088                            py3_compatible=True)
1089     planoldpythontestsuite(env, "samba.tests.join",
1090                            name="samba.tests.join.python(%s)" % env,
1091                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1092                            py3_compatible=True)
1093     planoldpythontestsuite(env, "cracknames",
1094                            extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
1095                            name="samba4.drs.cracknames.python(%s)" % env,
1096                            environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
1097                            extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'],
1098                            py3_compatible=True)
1099
1100 planoldpythontestsuite("chgdcpass:local", "samba.tests.blackbox.samba_dnsupdate",
1101                        environ={'DNS_SERVER_IP': '$SERVER_IP'})
1102
1103 for env in ["ad_dc_ntvfs", "s4member", "rodc", "promoted_dc", "ad_dc", "ad_member"]:
1104     plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env])
1105
1106 #
1107 # KDC Tests
1108 #
1109
1110 # This test is for users cached at the RODC
1111 plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD',
1112                                               '--workgroup=$DOMAIN', '--realm=$REALM',
1113                                               '--option=torture:krb5-upn=testdenied_upn@$REALM.upn',
1114                                               '--option=torture:expect_rodc=true'],
1115                          "samba4.krb5.kdc with account DENIED permission to replicate to an RODC")
1116 plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestallowed\ account%$PASSWORD',
1117                                               '--workgroup=$DOMAIN', '--realm=$REALM',
1118                                               '--option=torture:expect_machine_account=true',
1119                                               '--option=torture:krb5-upn=testallowed\ upn@$REALM',
1120                                               '--option=torture:krb5-hostname=testallowed',
1121                                               '--option=torture:expect_rodc=true',
1122                                               '--option=torture:expect_cached_at_rodc=true'],
1123                          "samba4.krb5.kdc with account ALLOWED permission to replicate to an RODC")
1124
1125 # This ensures we have correct behaviour on a server that is not not the PDC emulator
1126 env = "promoted_dc"
1127 plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'],
1128                          "samba4.krb5.kdc with specified account")
1129 plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestupnspn%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM',
1130                                            '--option=torture:expect_machine_account=true',
1131                                            '--option=torture:krb5-upn=http/testupnspn.$DNSNAME@$REALM',
1132                                            '--option=torture:krb5-hostname=testupnspn.$DNSNAME',
1133                                            '--option=torture:krb5-service=http'],
1134                          "samba4.krb5.kdc with account having identical UPN and SPN")
1135
1136
1137 for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
1138     if env == "rodc":
1139         # The machine account is cached at the RODC, as it is the local account
1140         extra_options = ['--option=torture:expect_rodc=true', '--option=torture:expect_cached_at_rodc=true']
1141     else:
1142         extra_options = []
1143
1144     plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-P',
1145                                                             '--workgroup=$DOMAIN', '--realm=$REALM',
1146                                                             '--option=torture:krb5-hostname=$SERVER',
1147                                                             '--option=torture:run_removedollar_test=true',
1148                                                             '--option=torture:expect_machine_account=true'] + extra_options,
1149                              "samba4.krb5.kdc with machine account")
1150
1151
1152 for env in [
1153         'vampire_dc',
1154         'promoted_dc']:
1155     planoldpythontestsuite(env, "samba.tests.kcc",
1156                            name="samba.tests.kcc",
1157                            environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME',
1158                                     'TEST_PASSWORD': '$PASSWORD',
1159                                     'TEST_ENV': env
1160                                     },
1161                            extra_path=[os.path.join(srcdir(), "samba/python"), ],
1162                            py3_compatible=True)
1163     planpythontestsuite(env, "samba.tests.samba_tool.visualize_drs", py3_compatible=True)
1164
1165 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.kcc.kcc_utils", py3_compatible=True)
1166
1167 for env in ["simpleserver", "fileserver", "nt4_dc", "ad_dc", "ad_dc_ntvfs",
1168             "ad_member", "offlinebackupdc", "restoredc", "renamedc", "labdc"]:
1169     planoldpythontestsuite(env, "netlogonsvc",
1170                            extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
1171                            name="samba.tests.netlogonsvc.python(%s)" % env,
1172                            py3_compatible=True)
1173
1174 for env in ["ktest", "ad_member", "ad_dc_no_ntlm"]:
1175     planoldpythontestsuite(env, "ntlmdisabled",
1176                            extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
1177                            name="samba.tests.ntlmdisabled.python(%s)" % env,
1178                            py3_compatible=True)
1179
1180 # Demote the vampire DC, it must be the last test each DC, before the dbcheck
1181 for env in ['vampire_dc', 'promoted_dc', 'rodc']:
1182     planoldpythontestsuite(env, "samba.tests.samba_tool.demote",
1183                            name="samba.tests.samba_tool.demote",
1184                            environ={
1185                                'CONFIGFILE': '$PREFIX/%s/etc/smb.conf' % env
1186                            },
1187                            extra_args=['-U"$USERNAME%$PASSWORD"'],
1188                            extra_path=[os.path.join(srcdir(), "samba/python")]
1189                            )
1190 # TODO: Verifying the databases really should be a part of the
1191 # environment teardown.
1192 # check the databases are all OK. PLEASE LEAVE THIS AS THE LAST TEST
1193 for env in ["ad_dc_ntvfs", "ad_dc", "fl2000dc", "fl2003dc", "fl2008r2dc",
1194             'vampire_dc', 'promoted_dc', 'backupfromdc', 'restoredc',
1195             'renamedc', 'offlinebackupdc', 'labdc']:
1196     plantestsuite("samba4.blackbox.dbcheck(%s)" % env, env + ":local", ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck.sh"), '$PREFIX/provision', configuration])
1197
1198 #
1199 # Tests to verify bug 13653 https://bugzilla.samba.org/show_bug.cgi?id=13653
1200 # ad_dc has an lmdb backend, ad_dc_ntvfs has a tdb backend.
1201 #
1202 planoldpythontestsuite("ad_dc_ntvfs:local",
1203                        "samba.tests.blackbox.bug13653",
1204                        extra_args=['-U"$USERNAME%$PASSWORD"'],
1205                        environ={'TEST_ENV': 'ad_dc_ntvfs'},
1206                        py3_compatible=True)
1207 planoldpythontestsuite("ad_dc:local",
1208                        "samba.tests.blackbox.bug13653",
1209                        extra_args=['-U"$USERNAME%$PASSWORD"'],
1210                        environ={'TEST_ENV': 'ad_dc'},
1211                        py3_compatible=True)
1212 # cmocka tests not requiring a specific environment
1213 #
1214 plantestsuite("samba4.dsdb.samdb.ldb_modules.unique_object_sids", "none",
1215               [os.path.join(bindir(), "test_unique_object_sids")])
1216 plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.tdb", "none",
1217               [os.path.join(bindir(), "test_encrypted_secrets_tdb")])
1218 plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb", "none",
1219               [os.path.join(bindir(), "test_encrypted_secrets_mdb")])
1220 plantestsuite("lib.audit_logging.audit_logging", "none",
1221               [os.path.join(bindir(), "audit_logging_test")])
1222 plantestsuite("lib.audit_logging.audit_logging.errors", "none",
1223               [os.path.join(bindir(), "audit_logging_error_test")])
1224 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_util", "none",
1225               [os.path.join(bindir(), "test_audit_util")])
1226 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log", "none",
1227               [os.path.join(bindir(), "test_audit_log")])
1228 plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log.errors", "none",
1229               [os.path.join(bindir(), "test_audit_log_errors")])
1230 plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit", "none",
1231               [os.path.join(bindir(), "test_group_audit")])
1232 plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit.errors", "none",
1233               [os.path.join(bindir(), "test_group_audit_errors")])