smbtorture: update selftest files

This includes a new subdirectory expectedfail.d which includes all tests
expected to always fail.

Head of samba repo when this copy was made
0caaa2d1723 (vfs: Remove shadow_copy2_get_real_filename_at(), 2024-01-11)

Signed-off-by: Sachin Prabhu <[email protected]>

Author: spuiuk

testcases/smbtorture/selftest/README

@@ -1,4 +1,4 @@
 Scripts and modules copied over from the samba source tree.
 
 At the time of copy, the samba head is at
-7938d94d12e s4-selftest: add net offlinejoin tests
+0caaa2d1723 (vfs: Remove shadow_copy2_get_real_filename_at(), 2024-01-11)

testcases/smbtorture/selftest/expectedfail.d/README

@@ -0,0 +1,22 @@
+# Files in this directory contain lists of regular expressions
+# matching the names of tests that are *necessarily* expected to fail.
+#
+# "make test" will not report failures for tests listed here and will
+# consider a successful run for any of these tests an error.
+#
+# They differ from the knownfail tests (selftest/knownfail.d) in that
+# the lack of failure here is definitely a problem. The knownfail
+# tests might be fixed one day, even accidentally, but these ones will
+# not.
+#
+# Before adding tests here, consider rewriting the test so that the
+# expected result is a failure. The tests in here are typically
+# testing the use of some protocol or feature on a server that has
+# that feature turned off. The same tests will also be run against
+# another server where they do not fail. The downside of this method
+# is we don't know that these expected fail tests are failing in the
+# right way.
+#
+# Empty lines and lines beginning with '#' are ignored.
+#
+# Please don't add tests to this README!

testcases/smbtorture/selftest/expectedfail.d/encrypted_secrets

@@ -0,0 +1,13 @@
+# The fl2000dc environment is provisioned with the --plaintext-secrets option
+# running the ecnrypted secrets tests on it and expecting them to fail.
+# verifies that:
+#   * --plaintext-secrets option correctly provisions a domain
+#   * the dsdb operational module correctly handles unencrypted secrets
+#   * secrets are not stored as encrypted text when this option is specified
+^samba.tests.encrypted_secrets.samba.tests.encrypted_secrets.EncryptedSecretsTests.test_encrypted_secrets\(fl2000dc:local\)
+^samba.tests.encrypted_secrets.samba.tests.encrypted_secrets.EncryptedSecretsTests.test_required_features\(fl2000dc:local\)
+#
+# The tests for bug 13563 https://bugzilla.samba.org/show_bug.cgi?id=13653
+# should fail in the mdb case, as sam.ldb is currently a tdb file.
+#
+^samba.tests.blackbox.bug13653.samba.tests.blackbox.bug13653.Bug13653Tests.test_mdb_scheme

testcases/smbtorture/selftest/expectedfail.d/labdc

@@ -0,0 +1,5 @@
+# Because the lab-DC testenv scrubs all user info (apart from the Admin),
+# we expect tests relying on other users' credentials to fail.
+# These tests fail because they use testallowed and testdenied users.
+^samba4.rpc.echo.testallowed.*labdc.*
+^samba4.rpc.echo.testdenied.*labdc.*

testcases/smbtorture/selftest/expectedfail.d/ntlm-auth

@@ -0,0 +1,21 @@
+# NETLOGON is disabled in any non-DC environments
+^samba.tests.netlogonsvc.python\(ad_member\)
+^samba.tests.netlogonsvc.python\(simpleserver\)
+^samba.tests.netlogonsvc.python\(fileserver\)
+# NETLOGON is disabled in any non-DC environments
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_2nd_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_08_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cmpx_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_didnot_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_maybe_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_only_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests01\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests02\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests03\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests04\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests05\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_only_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_mix_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_none_only_requests\(ad_member\)

testcases/smbtorture/selftest/expectedfail.d/ntlmdisabled

@@ -0,0 +1,6 @@
+# NTLM authentication is (intentionally) disabled in ktest
+^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ktest\)
+^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ad_dc_no_ntlm\)
+# Disabling NTLM means you can't use samr to change the password
+^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
+^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)

testcases/smbtorture/selftest/expectedfail.d/ntlmv1-restrictions

@@ -0,0 +1,5 @@
+# These tests should fail in these environments, as we restrict NTLMv1
+# in both of these, with vampire_dc however allowing MSCHAPv2
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(vampire_dc\)
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExMSCHAPv2\(promoted_dc\)
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(promoted_dc\)

testcases/smbtorture/selftest/expectedfail.d/samba-4.5-emulation

@@ -0,0 +1,4 @@
+# This fails as there is no second DC in this environment, so it is always the owner
+samba4.drs.getnc_exop.python\(chgdcpass\).getnc_exop.DrsReplicaSyncTestCase.test_FSMONotOwner\(chgdcpass\)
+# This fails because GET_ANC is now poorly implemented (matching Samba 4.5)
+^samba4.drs.getnc_exop.python\(chgdcpass\).getnc_exop.DrsReplicaSyncTestCase.test_link_utdv_hwm\(chgdcpass\)

testcases/smbtorture/selftest/flapping.d/nbt_dgram

@@ -1,6 +1,6 @@
 # following SMB1/SMB2 test env split it seems this test
 # fails randomly however it doesn't seem to be directly
-# related to the changes (e.g. not protocl negotiation
+# related to the changes (e.g. not protocol negotiation
 # specific) Best guess is the order of test having being
 # changed (as a result of test moving env) or some other
 # strange env related side affect is causing this.

testcases/smbtorture/selftest/flapping.d/smb2-multichannel

@@ -0,0 +1,3 @@
+# https://bugzilla.samba.org/show_bug.cgi?id=15498
+# This test often times out in CI.
+^samba3\.smb2\.multichannel\.bugs\.bug_15346\(nt4_dc\)$