sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
74dbfc4da6
samba-mirror/testprogs/blackbox/test_net_ads_dns.sh

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

163 lines
5.4 KiB
Bash
Raw Normal View History

s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
#!/bin/sh
# Blackbox tests for net ads dns register etc.
# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
testprogs/blackbox: don't use hardcoded values in test_net_ads_dns.sh Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-12 17:02:32 +03:00
if [ $# -lt 6 ]; then
testprogs: Reformat test_net_ads_dns.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-04-22 16:46:05 +03:00
cat <<EOF
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
Usage: test_net_ads_dns.sh SERVER DC_USERNAME DC_PASSWORD REALM USER PASS
EOF
testprogs: Reformat test_net_ads_dns.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-04-22 16:46:05 +03:00
exit 1
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
fi
SERVER=$1
DC_USERNAME=$2
DC_PASSWORD=$3
REALM=$4
USERNAME=$5
PASSWORD=$6
shift 6
failed=0
samba4bindir="$BINDIR"
samba_tool="$samba4bindir/samba-tool"
net_tool="$samba4bindir/net"
smbpasswd="$samba4bindir/smbpasswd"
texpect="$samba4bindir/texpect"
testprogs: If built against system db use the system tools in test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2022-12-04 21:44:52 +03:00
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
newuser="$samba_tool user create"
groupaddmem="$samba_tool group addmembers"
testprogs: Reformat test_net_ads_dns.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-04-22 16:46:05 +03:00
. $(dirname $0)/subunit.sh
testprogs: Use system_or_builddir_binary() for test_net_ads_dns Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-22 16:02:04 +03:00
. "$(dirname "${0}")/common_test_fns.inc"
ldbmodify=$(system_or_builddir_binary ldbmodify "${BINDIR}")
ldbsearch=$(system_or_builddir_binary ldbsearch "${BINDIR}")
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT
IPADDRESS=10.1.4.111
tests: also test net ads dns (un)register with IPv6 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-22 20:10:44 +03:00
IP6ADDRESS=fd00:1a1a::1:5ee:bad:c0de
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
IPADDRMAC=10.1.4.124
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
2016-07-01 07:07:19 +03:00
UNPRIVIP=10.1.4.130
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
ADMINNAME=testname.$$
MACHINENAME=membername.$$
testprogs: use uniqe names in "net ads dns" tests to avoid conflicts Avoid conflicts when running the same tests multiple times. Reduces the needs to cleanup all objects properly. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 22:15:23 +03:00
UNPRIVNAME=unprivname.$$
UNPRIVUSER=unprivuser.$$
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
2016-07-01 07:07:19 +03:00
UNPRIVPASS=UnPrivPass1
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
# These tests check that privileged users can add DNS names and that
# unprivileged users cannot do so.
echo "Starting ..."
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
testit "admin user should be able to add a DNS entry $ADMINNAME.$REALM $IPADDRESS $IP6ADDRESS" \
$VALGRIND $net_tool ads dns register $ADMINNAME.$REALM $IPADDRESS $IP6ADDRESS -U$DC_USERNAME%$DC_PASSWORD ||
failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
testit_grep_count \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
"We should be able to see the new name $ADMINNAME.$REALM $IPADDRESS" \
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
"$IPADDRESS" \
1 \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
dig @$SERVER +short -t a $ADMINNAME.$REALM ||
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
failed=$(expr $failed + 1)
testit_grep_count \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
"We should be able to see the new name $ADMINNAME.$REALM $IP6ADDRESS" \
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
"$IP6ADDRESS" \
1 \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
dig @$SERVER +short -t aaaa $ADMINNAME.$REALM ||
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
testit "We should be able to unregister the name $ADMINNAME.$REALM" \
$VALGRIND $net_tool ads dns unregister $ADMINNAME.$REALM -U$DC_USERNAME%$DC_PASSWORD ||
failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
testit_grep_count \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
"The name $ADMINNAME.$REALM $IPADDRESS should not be there any longer" \
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
"$IPADDRESS" \
0 \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
dig @$SERVER +short -t a $ADMINNAME.$REALM ||
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
failed=$(expr $failed + 1)
testit_grep_count \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
"The name $ADMINNAME.$REALM $IP6ADDRESS should not be there any longer" \
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
"$IP6ADDRESS" \
0 \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
dig @$SERVER +short -t aaaa $ADMINNAME.$REALM ||
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
test: Prime the kpasswd server I was getting this failure: [102(815)/143 at 10m59s] samba4.blackbox.net_ads_dns(ad_member:local)(ad_member:local) UNEXPECTED(failure): samba4.blackbox.net_ads_dns(ad_member:local).Adding an unprivileged user(ad_member:local) REASON: Exception: Exception: Could not add user unprivuser. Error setting password Incorrect net address My preliminary analysis shows that the KRB5KRB_AP_ERR_BADADDR error message is triggered by the libkrb5 client code. I have not yet shown this to happen with pure libkrb5, but my theory is the following: k5_privsafe_check_addrs() fails under the following circumstances: The kpasswd server is contacted on IPv4 and is slow to reply. After waiting a bit, libkrb5 also tries to contact kpasswd on IPv6. kpasswd_sendto_msg_callback() for the IPv6 request changes the authentication context's local_addr to IPv6. Then the IPv4 request is replied to, and then k5_privsafe_check_addrs() bails on the address family in ac->local_addr (IPv6) vs the one received and via the IPv4 connection. libkrb5's src/lib/krb5/os/changepw.c has this comment: /* * TBD: Does this tamper w/ the auth context in such a way * to break us? Yes - provide 1 per conn-state / host... */ I think we're hit by this. This patch hacks around the situation by priming the kpasswd server without error checking. If the initial v4 request is quick enough because the kpasswd server is already started up properly, everything works flawlessly. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-09-01 13:04:43 +03:00
# prime the kpasswd server, see "git blame" for an explanation
$VALGRIND $net_tool user add $UNPRIVUSER $UNPRIVPASS -U$DC_USERNAME%$DC_PASSWORD
$VALGRIND $net_tool user delete $UNPRIVUSER -U$DC_USERNAME%$DC_PASSWORD
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
# This should be an expect_failure test ...
testprogs: Reformat test_net_ads_dns.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-04-22 16:46:05 +03:00
testit "Adding an unprivileged user" $VALGRIND $net_tool user add $UNPRIVUSER $UNPRIVPASS -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
2016-07-01 07:07:19 +03:00
tests: Use ldbsearch '--scope instead of '-s' We should use long options in tests to make clear what we are trying to do. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-17 14:25:15 +03:00
BASEDN=$($VALGRIND $ldbsearch -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -b '' --scope=base defaultNamingContext | grep defaultNamingContext | sed -e 's!^defaultNamingContext: !!')
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
2016-07-01 07:07:19 +03:00
testprogs/blackbox: don't use hardcoded values in test_net_ads_dns.sh Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-12 17:02:32 +03:00
LDIF="dn: CN=$UNPRIVUSER,CN=users,${BASEDN}+changetype: modify+replace: userAccountControl+userAccountControl: 512"
echo $LDIF | tr '+' '\n' | $VALGRIND $ldbmodify -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -i
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
2016-07-01 07:07:19 +03:00
STATUS=$?
testprogs: Reformat test_net_ads_dns.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-04-22 16:46:05 +03:00
testit "We should have enabled the account" test $STATUS -eq 0 || failed=$(expr $failed + 1)
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
2016-07-01 07:07:19 +03:00
#Unprivileged users should be able to add new names
testprogs: Reformat test_net_ads_dns.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-04-22 16:46:05 +03:00
testit "Unprivileged users should be able to add new names" $net_tool ads dns register $UNPRIVNAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
# This should work as well
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
testit "machine account should be able to add a DNS entry net ads dns register $MACHINENAME.$REALM $IPADDRMAC -P" \
$net_tool ads dns register $MACHINENAME.$REALM $IPADDRMAC -P ||
failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
testit_grep_count \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
"We should be able to see the new name $MACHINENAME.$REALM" \
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
"$IPADDRMAC" \
1 \
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
dig @$SERVER +short -t a $MACHINENAME.$REALM ||
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
2016-07-01 07:07:19 +03:00
#Unprivileged users should not be able to overwrite other's names
testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 22:20:51 +03:00
testit_expect_failure \
"Unprivileged users should not be able to modify existing names" \
$net_tool ads dns register $MACHINENAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS &&
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:27:17 +03:00
failed=$(expr $failed + 1)
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
2016-07-01 07:07:19 +03:00
testprogs: remove only used dns records in "net ads dns" tests $NAME was not added here in this section, but $UNPRIV. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:35:02 +03:00
testit "We should be able to unregister the name $UNPRIVNAME.$REALM $IPADDRESS" \
$VALGRIND $net_tool ads dns unregister $UNPRIVNAME.$REALM -U$UNPRIVUSER%$UNPRIVPASS ||
failed=$(expr $failed + 1)
testprogs: remove used records in "net ads dns" tests Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:52:05 +03:00
testit "We should be able to unregister the name $MACHINENAME.$REALM $IPADDRESS" \
$VALGRIND $net_tool ads dns unregister $MACHINENAME.$REALM -P ||
failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
testprogs: net ads dns tests: remove test user after usage. Not required anymore and would produce errors, when the test runs a second time. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:57:54 +03:00
# Remove the unprivileged user, which is not required anymore
$VALGRIND $net_tool user delete $UNPRIVUSER -U$DC_USERNAME%$DC_PASSWORD
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
testit_grep_count \
testprogs: remove only used dns records in "net ads dns" tests $NAME was not added here in this section, but $UNPRIV. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:35:02 +03:00
"The name $UNPRIVNAME.$REALM ($IPADDRESS) should not be there any longer" \
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
"$IPADDRESS" \
0 \
testprogs: remove only used dns records in "net ads dns" tests $NAME was not added here in this section, but $UNPRIV. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:35:02 +03:00
dig @$SERVER +short -t a $UNPRIVNAME.$REALM ||
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
failed=$(expr $failed + 1)
testit_grep_count \
testprogs: remove only used dns records in "net ads dns" tests $NAME was not added here in this section, but $UNPRIV. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:35:02 +03:00
"The name $UNPRIVNAME.$REALM ($IP6ADDRESS) should not be there any longer" \
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
"$IP6ADDRESS" \
0 \
testprogs: remove only used dns records in "net ads dns" tests $NAME was not added here in this section, but $UNPRIV. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:35:02 +03:00
dig @$SERVER +short -t aaaa $UNPRIVNAME.$REALM ||
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-22 17:22:58 +03:00
failed=$(expr $failed + 1)
testprogs: remove used records in "net ads dns" tests Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-24 18:52:05 +03:00
testit_grep_count \
"The name $MACHINENAME.$REALM ($IPADDRESS) should not be there any longer" \
"$IPADDRESS" \
0 \
dig @$SERVER +short -t a $MACHINENAME.$REALM ||
failed=$(expr $failed + 1)
testit_grep_count \
"The name $MACHINENAME.$REALM ($IP6ADDRESS) should not be there any longer" \
"$IP6ADDRESS" \
0 \
dig @$SERVER +short -t aaaa $MACHINENAME.$REALM ||
failed=$(expr $failed + 1)
s4/selftests: test net ads dns register/unregister. Add a new test for the net ads dns commands and the needed self test setup. Currently tests that we can register a name and that it turns up. Also, tests that we can register with -P. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-19 07:51:26 +03:00
exit $failed
Copy Permalink