1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

testprogs/blackbox: Improve the net ads dns register tests.

More tests are added that add an unprivileged user, enable their
account, and then test that they can add IP addressed but that they
cannot modify other user's IP addresses.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Sun Jul  3 14:24:59 CEST 2016 on sn-devel-144
This commit is contained in:
Richard Sharpe 2016-06-30 21:07:19 -07:00 committed by Richard Sharpe
parent 2352e49f32
commit 1444196521

View File

@ -44,7 +44,11 @@ export UID_WRAPPER_ROOT
IPADDRESS=10.1.4.111
IPADDRMAC=10.1.4.124
UNPRIVIP=10.1.4.130
NAME=testname
UNPRIVNAME=unprivname
UNPRIVUSER=unprivuser
UNPRIVPASS=UnPrivPass1
# These tests check that privileged users can add DNS names and that
# unprivileged users cannot do so.
@ -63,7 +67,17 @@ testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGR
testit "The name $NAME.$REALM should not be there any longer" test X"`$net_tool ads dns gethostbyname $SERVER $NAME.$REALM -U$DC_USERNAME%$DC_PASSWORD | tr " " B | tr \! N`" != X"$IPADDRESS" || failed=`expr $failed + 1`
# This should be an expect_failure test ...
# testit "unprivileged users should not be able to add a DNS entry" $VALGRIND $net_tool ads dns register funnyname2.$REALM 10.1.4.112 -U$USERNAME%$PASSWORD && failed=`expr $failed + 1`
testit "Adding an unprivileged user" $VALGRIND $net_tool user add $UNPRIVUSER $UNPRIVPASS -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
LDIF="dn: CN=$UNPRIVUSER,CN=users,DC=samba,DC=example,DC=com+changetype: modify+replace: userAccountControl+userAccountControl: 512"
echo $LDIF | tr '+' '\n' | ./bin/ldbmodify -Uadministrator%locDCpass1 -H ldap://localdc.samba.example.com -i
STATUS=$?
testit "We should have enabled the account" test $STATUS -eq 0 || failed=`expr $failed + 1`
#Unprivileged users should be able to add new names
testit "Unprivileged users should be able to add new names" $net_tool ads dns register $UNPRIVNAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=`expr $failed + 1`
# This should work as well
testit "machine account should be able to add a DNS entry net ads dns register membername.$REALM $IPADDRMAC -P " $net_tool ads dns register membername.$REALM $IPADDRMAC -P || failed=`expr $failed + 1`
@ -72,6 +86,9 @@ testit "machine account should be able to add a DNS entry net ads dns register m
# and spaces from the output. Thew will screw up the comparison syntax.
testit "We should be able to see the new name membername.$REALM using -P" [ X"`$VALGRIND $net_tool ads dns gethostbyname $SERVER membername.$REALM -P | tr \! N | tr " " B`" = X"$IPADDRMAC" ] || failed=`expr $failed + 1`
#Unprivileged users should not be able to overwrite other's names
testit_expect_failure "Unprivileged users should not be able modify existing names" $net_tool ads dns register membername.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=`expr $failed + 1`
testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGRIND $net_tool ads dns unregister $NAME.$REALM -P || failed=`expr $failed + 1`
# The complicated pipeline is to ensure that we remove exclamation points