smbtorture: update selftest files

This includes a new subdirectory expectedfail.d which includes all tests
expected to always fail.

Head of samba repo when this copy was made
0caaa2d1723 (vfs: Remove shadow_copy2_get_real_filename_at(), 2024-01-11)

Signed-off-by: Sachin Prabhu <[email protected]>

testcases/smbtorture/selftest/README

@@ -1,4 +1,4 @@
 Scripts and modules copied over from the samba source tree.
 
 At the time of copy, the samba head is at
-7938d94d12e s4-selftest: add net offlinejoin tests
+0caaa2d1723 (vfs: Remove shadow_copy2_get_real_filename_at(), 2024-01-11)

testcases/smbtorture/selftest/expectedfail.d/README

@@ -0,0 +1,22 @@
+# Files in this directory contain lists of regular expressions
+# matching the names of tests that are *necessarily* expected to fail.
+#
+# "make test" will not report failures for tests listed here and will
+# consider a successful run for any of these tests an error.
+#
+# They differ from the knownfail tests (selftest/knownfail.d) in that
+# the lack of failure here is definitely a problem. The knownfail
+# tests might be fixed one day, even accidentally, but these ones will
+# not.
+#
+# Before adding tests here, consider rewriting the test so that the
+# expected result is a failure. The tests in here are typically
+# testing the use of some protocol or feature on a server that has
+# that feature turned off. The same tests will also be run against
+# another server where they do not fail. The downside of this method
+# is we don't know that these expected fail tests are failing in the
+# right way.
+#
+# Empty lines and lines beginning with '#' are ignored.
+#
+# Please don't add tests to this README!

testcases/smbtorture/selftest/expectedfail.d/encrypted_secrets

@@ -0,0 +1,13 @@
+# The fl2000dc environment is provisioned with the --plaintext-secrets option
+# running the ecnrypted secrets tests on it and expecting them to fail.
+# verifies that:
+#   * --plaintext-secrets option correctly provisions a domain
+#   * the dsdb operational module correctly handles unencrypted secrets
+#   * secrets are not stored as encrypted text when this option is specified
+^samba.tests.encrypted_secrets.samba.tests.encrypted_secrets.EncryptedSecretsTests.test_encrypted_secrets\(fl2000dc:local\)
+^samba.tests.encrypted_secrets.samba.tests.encrypted_secrets.EncryptedSecretsTests.test_required_features\(fl2000dc:local\)
+#
+# The tests for bug 13563 https://bugzilla.samba.org/show_bug.cgi?id=13653
+# should fail in the mdb case, as sam.ldb is currently a tdb file.
+#
+^samba.tests.blackbox.bug13653.samba.tests.blackbox.bug13653.Bug13653Tests.test_mdb_scheme

testcases/smbtorture/selftest/expectedfail.d/labdc

@@ -0,0 +1,5 @@
+# Because the lab-DC testenv scrubs all user info (apart from the Admin),
+# we expect tests relying on other users' credentials to fail.
+# These tests fail because they use testallowed and testdenied users.
+^samba4.rpc.echo.testallowed.*labdc.*
+^samba4.rpc.echo.testdenied.*labdc.*

testcases/smbtorture/selftest/expectedfail.d/ntlm-auth

@@ -0,0 +1,21 @@
+# NETLOGON is disabled in any non-DC environments
+^samba.tests.netlogonsvc.python\(ad_member\)
+^samba.tests.netlogonsvc.python\(simpleserver\)
+^samba.tests.netlogonsvc.python\(fileserver\)
+# NETLOGON is disabled in any non-DC environments
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_2nd_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_08_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_cmpx_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_didnot_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_maybe_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_first_only_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests01\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests02\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests03\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests04\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_fragmented_requests05\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_cancel_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_last_only_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_mix_requests\(ad_member\)
+^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_none_only_requests\(ad_member\)

testcases/smbtorture/selftest/expectedfail.d/ntlmdisabled

@@ -0,0 +1,6 @@
+# NTLM authentication is (intentionally) disabled in ktest
+^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ktest\)
+^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ad_dc_no_ntlm\)
+# Disabling NTLM means you can't use samr to change the password
+^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
+^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)

testcases/smbtorture/selftest/expectedfail.d/ntlmv1-restrictions

@@ -0,0 +1,5 @@
+# These tests should fail in these environments, as we restrict NTLMv1
+# in both of these, with vampire_dc however allowing MSCHAPv2
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(vampire_dc\)
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExMSCHAPv2\(promoted_dc\)
+samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonExNTLM\(promoted_dc\)

testcases/smbtorture/selftest/expectedfail.d/samba-4.5-emulation

@@ -0,0 +1,4 @@
+# This fails as there is no second DC in this environment, so it is always the owner
+samba4.drs.getnc_exop.python\(chgdcpass\).getnc_exop.DrsReplicaSyncTestCase.test_FSMONotOwner\(chgdcpass\)
+# This fails because GET_ANC is now poorly implemented (matching Samba 4.5)
+^samba4.drs.getnc_exop.python\(chgdcpass\).getnc_exop.DrsReplicaSyncTestCase.test_link_utdv_hwm\(chgdcpass\)

testcases/smbtorture/selftest/flapping.d/nbt_dgram

@@ -1,6 +1,6 @@
 # following SMB1/SMB2 test env split it seems this test
 # fails randomly however it doesn't seem to be directly
-# related to the changes (e.g. not protocl negotiation
+# related to the changes (e.g. not protocol negotiation
 # specific) Best guess is the order of test having being
 # changed (as a result of test moving env) or some other
 # strange env related side affect is causing this.

testcases/smbtorture/selftest/flapping.d/smb2-multichannel

@@ -0,0 +1,3 @@
+# https://bugzilla.samba.org/show_bug.cgi?id=15498
+# This test often times out in CI.
+^samba3\.smb2\.multichannel\.bugs\.bug_15346\(nt4_dc\)$

testcases/smbtorture/selftest/format-subunit

@@ -46,7 +46,7 @@ summaryfile = os.path.join(opts.prefix, "summary")
 
 msg_ops.write_summary(summaryfile)
 
-print("\nA summary with detailed information can be found in:")
-print("  %s" % summaryfile)
+print("\nThere might be more detail in "
+      f"{os.path.join(opts.prefix, 'subunit')} or {summaryfile}.")
 
 sys.exit(expected_ret)

testcases/smbtorture/selftest/knownfail

@@ -62,7 +62,7 @@
 ^samba3.base.delete.deltest17a
 ^samba3.unix.whoami anonymous connection.whoami\(ad_dc_smb1\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token
 # smbclient4 behaves differently from smbclient (s3) when encountering
-# logon failures when possesing a valid ticket. Test below has been
+# logon failures when possessing a valid ticket. Test below has been
 # changed to use smbclient (in order to support SMB2) and this part of the
 # test fails due to this difference
 ^samba4.blackbox.chgdcpass.Test login with kerberos ccache after 2nd password change\(chgdcpass\)
@@ -90,6 +90,7 @@
 ^samba4.rpc.epmapper.*.Lookup_simple
 ^samba4.rpc.epmapper.*.Map_simple
 ^samba4.rpc.epmapper.*.Map_full
+^samba3.rpc.epmapper.*.Map_full
 ^samba4.rpc.lsalookup on ncalrpc
 ^samba4.rpc.lsalookup on ncacn_np
 ^samba4.rpc.lsalookup with seal,padcheck
@@ -145,11 +146,12 @@
 ^samba4.smb2.create.*.acldir
 ^samba4.smb2.create.*.impersonation
 ^samba4.smb2.create.quota-fake-file\(ad_dc_ntvfs\) # not supported by the NTVFS
+^samba4.smb2.create.dosattr_tmp_dir\(ad_dc_ntvfs\)
 ^samba4.smb2.acls.*.generic
 ^samba4.smb2.acls.*.inheritflags
 ^samba4.smb2.acls.*.owner
 ^samba4.smb2.acls.*.ACCESSBASED
-^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
+^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.SimpleDirsyncTests.test_dirsync_deleted_items_OBJECT_SECURITY
 #^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.*
 ^samba4.libsmbclient.opendir.(NT1|SMB3).opendir # This requires netbios browsing
 ^samba4.rpc.drsuapi.*.drsuapi.DsGetDomainControllerInfo\(.*\)$
@@ -175,6 +177,7 @@
 ^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
 ^samba4.smb2.oplock.statopen1\(ad_dc_ntvfs\)$ # fails with ACCESS_DENIED on a SYNCHRONIZE_ACCESS open
 ^samba4.smb2.getinfo.complex # streams on directories does not work
+^samba4.smb2.getinfo.getinfo_access\(ad_dc_ntvfs\) # Access checks not implemented
 ^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
 ^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
 ^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL thingy
@@ -193,28 +196,28 @@
 ^samba3.smb2.durable-open.delete_on_close2
 ^samba3.smb2.durable-v2-open.app-instance
 ^samba3.smb2.durable-open.reopen1a-lease\(ad_dc\)$
+^samba3.smb2.durable-open.stat-open\(ad_dc\)$
 ^samba3.smb2.durable-v2-open.reopen1a-lease\(ad_dc\)$
 ^samba4.smb2.ioctl.req_resume_key\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
 ^samba4.smb2.ioctl.req_two_resume_keys\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
 ^samba4.smb2.ioctl.copy_chunk_\w*\(ad_dc_ntvfs\)	# not supported by s4 ntvfs server
 ^samba4.smb2.ioctl.copy-chunk streams\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
+^samba4.smb2.ioctl.bug14769\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
+^samba4.smb2.ioctl-on-stream.ioctl-on-stream\(ad_dc_ntvfs\)
 ^samba3.smb2.dir.one
 ^samba3.smb2.dir.modify
 ^samba3.smb2.oplock.batch20
 ^samba3.smb2.oplock.stream1
 ^samba3.smb2.streams.rename
 ^samba3.smb2.streams.rename2
-^samba3.smb2.streams.attributes
 ^samba3.smb2.streams streams_xattr.rename\(nt4_dc\)
 ^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\)
-^samba3.smb2.streams streams_xattr.attributes\(nt4_dc\)
 ^samba3.smb2.getinfo.complex
 ^samba3.smb2.getinfo.fsinfo # quotas don't work yet
 ^samba3.smb2.setinfo.setinfo
 ^samba3.smb2.session.*reauth5 # some special anonymous checks?
 ^samba3.smb2.compound.interim2 # wrong return code (STATUS_CANCELLED)
 ^samba3.smb2.compound.aio.interim2 # wrong return code (STATUS_CANCELLED)
-^samba3.smb2.lock.replay_smb3_specification_durable\(nt4_dc\) # Requires durable handles
 ^samba3.smb2.lock.*replay_broken_windows # This tests the windows behaviour
 ^samba3.smb2.lease.statopen3
 ^samba3.smb2.lease.unlink # we currently do not downgrade RH lease to R after unlink
@@ -248,6 +251,10 @@
 # not implemented
 ^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(ad_dc\)
 ^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(nt4_dc\)
+^samba3.rpc.svcctl.svcctl.QueryServiceConfigEx\(ad_dc\)
+^samba3.rpc.svcctl.svcctl.QueryServiceConfigEx\(nt4_dc\)
+^samba3.rpc.svcctl.svcctl.ControlServiceExW\(ad_dc\)
+^samba3.rpc.svcctl.svcctl.ControlServiceExW\(nt4_dc\)
 #
 # This makes less sense when not running against an AD DC
 #
@@ -300,7 +307,7 @@
 #
 ^samba.tests.dcerpc.integer.samba.tests.dcerpc.integer.IntegerTests.test_.*_into_uint8_list
 #
-# Samba sort takes a primative approach to unicode sort. These tests
+# Samba sort takes a primitive approach to unicode sort. These tests
 # match Windows 2012R2 behaviour.
 #
 ^samba4.ldap.sort.python.+UnicodeSortTests
@@ -342,38 +349,18 @@
 ^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_no_auth_presentation_ctx_invalid4
 ^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_auth_type2
 ^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_transfer
-# Association groups between processes not implemented yet in s3 server implementation
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_assoc_group_ok2\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_assoc_group_fail1\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_assoc_group_fail2\(ad_member\)
-^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_assoc_group_fail3\(ad_member\)
+
 ^samba4.rpc.echo.*on.*with.object.echo.doublepointer.*nt4_dc
 ^samba4.rpc.echo.*on.*with.object.echo.surrounding.*nt4_dc
 ^samba4.rpc.echo.*on.*with.object.echo.enum.*nt4_dc
 ^samba4.rpc.echo.*on.*with.object.echo.testcall.*nt4_dc
 ^samba4.rpc.echo.*on.*with.object.echo.testcall2.*nt4_dc
-^samba4.rpc.echo.*on.*ncacn_ip_tcp.*with.object.*nt4_dc
 ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_add_duplicate_different_type.*
 ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_rank_none.*
 ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.*
 ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_dangling_multi_valued_clean
 ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_check_missing
-#
-# rap password tests don't function in the ad_dc_ntvfs environment
-#
-^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs\)
+
 # We currently don't send referrals for LDAP modify of non-replicated attrs
 ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
-^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_kerberos
-# NETLOGON is disabled in any non-DC environments
-^samba.tests.netlogonsvc.python\(ad_member\)
-^samba.tests.netlogonsvc.python\(simpleserver\)
-^samba.tests.netlogonsvc.python\(fileserver\)
-# NTLM authentication is (intentionally) disabled in ktest
-^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ktest\)
-^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ad_dc_no_ntlm\)
-# Disabling NTLM means you can't use samr to change the password
-^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
-^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
-
 

testcases/smbtorture/selftest/knownfail.d/README

@@ -1,6 +1,10 @@
 # Files in this directory contain lists of regular expressions
 # matching the names of tests that are temporarily expected to fail.
 #
+# Tests that are intended to *always* fail (e.g. to prove that the
+# test can't succeed under certain conditions) should be added under
+# selftest/expectedfail.d instead.
+#
 # "make test" will not report failures for tests listed here and will consider
 # a successful run for any of these tests an error.
 #

testcases/smbtorture/selftest/knownfail.d/bug-14810

@@ -0,0 +1,2 @@
+^samba4.user_account_control.python\(.*\).__main__.UserAccountControlTests.test_add_computer_cc_normal_bare\(.*\)
+^samba4.user_account_control.python\(.*\).__main__.UserAccountControlTests.test_add_computer_sd_cc\(.*\)

testcases/smbtorture/selftest/knownfail.d/claims-client-tool

@@ -0,0 +1 @@
+^samba.tests.samba_tool.domain_claim.samba.tests.samba_tool.domain_claim.ClaimTypeCmdTestCase.test_delete__protected\(.*\)

testcases/smbtorture/selftest/knownfail.d/conditional_ace_claims

@@ -0,0 +1 @@
+^samba.tests.conditional_ace_claims.+ConditionalAceLargeComposites.test_allow_002-0-vs-0

testcases/smbtorture/selftest/knownfail.d/dfs_paths

@@ -0,0 +1,2 @@
+^samba3.smbtorture_s3.smb1.SMB1-DFS-PATHS.smbtorture\(fileserver_smb1\)
+^samba3.smbtorture_s3.smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver_smb1\)

testcases/smbtorture/selftest/knownfail.d/dirsync

@@ -0,0 +1,13 @@
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_OBJECT_SECURITY_insist_on_empty_element\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_OBJ_SEC_insist_on_empty_element\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_with_GET_CHANGES_OBJ_SEC_insist_on_empty_element\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_unicodePwd_with_GET_CHANGES_insist_on_empty_element\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_with_GET_CHANGES_OBJECT_SECURITY_insist_on_empty_element\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialDirsyncTests.test_dirsync_with_GET_CHANGES\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_OBJECT_SECURITY_insist_on_empty_element\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_OBJECT_SECURITY_with_GET_CHANGES_insist_on_empty_element\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_with_GET_CHANGES_attr\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.ConfidentialFilteredDirsyncTests.test_dirsync_with_GET_CHANGES_insist_on_empty_element\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES_attr\(.*\)
+^samba4.ldap.dirsync.python\(.*\).__main__.FilteredDirsyncTests.test_dirsync_with_GET_CHANGES_insist_on_empty_element\(.*\)

testcases/smbtorture/selftest/knownfail.d/dns

@@ -1,5 +1,5 @@
 # These tests are expected to fail because we want to ensure that
-# unauthenicated updates are not permitted against the default
+# unauthenticated updates are not permitted against the default
 # configuration, nor against an RODC
 
 samba.tests.dns.__main__.TestDNSUpdates.test_delete_record\(rodc:local\)

testcases/smbtorture/selftest/knownfail.d/getncchanges

@@ -4,3 +4,5 @@ samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegri
 samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_chain\(promoted_dc\)
 samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_and_anc\(promoted_dc\)
 samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_multivalued_links\(promoted_dc\)
+# Samba chooses to always increment the USN for the NC root at the point where it would otherwise show up.
+samba4.drs.getncchanges.python\(.*\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_nc_is_first_nc_change_only\(

testcases/smbtorture/selftest/knownfail.d/gkdi

@@ -0,0 +1,19 @@
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_algorithm_none\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_algorithm_sha1\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_algorithm_sha256\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_algorithm_sha384\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_algorithm_sha512\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_before_valid\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_current_l0_idx\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_future_key\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_non_existent_root_key\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_previous_l0_idx\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_root_key_use_start_time_too_low\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_root_key_use_start_time_zero\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_root_key_wrong_length\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_both_seed_keys\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_l1_seed_key\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_l2_seed_key\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_request_default_seed_key\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_request_l0_seed_key\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_request_l1_seed_key\(ad_dc\)$