sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

gpupdate: test the new --force option

Browse Source 
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
This commit is contained in:
David Mulder 2018-07-23 13:27:31 -06:00 committed by Aurélien Aptel
parent 4e98d18bea
commit 6ac1445a99
1 changed files with 111 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
source4/torture/gpo/apply.c
View File

@ -96,6 +96,7 @@ bool torture_gpo_system_access_policies(struct torture_context *tctx)
FILE *fp = NULL;
const char **gpo_update_cmd;
char **gpo_unapply_cmd;
char **gpo_update_force_cmd;
int minpwdcases[] = { 0, 1, 998 };
int maxpwdcases[] = { 0, 1, 999 };
int pwdlencases[] = { 0, 1, 14 };
@ -207,10 +208,119 @@ bool torture_gpo_system_access_policies(struct torture_context *tctx)
"The pwdProperties were not applied");
}
/* Unapply the settings and verify they are removed */
/* Reset settings, then verify a reapply doesn't force them back */
for (i = 0; i < old_message->num_elements; i++) {
old_message->elements[i].flags = LDB_FLAG_MOD_REPLACE;
}
ret = ldb_modify(samdb, old_message);
torture_assert(tctx, ret == 0, "Failed to reset password settings.");
ret = exec_wait(discard_const_p(char *, gpo_update_cmd));
torture_assert(tctx, ret == 0,
"Failed to execute the gpo update command");
/* Validate that the apply did nothing (without --force param) */
ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
LDB_SCOPE_BASE, attrs, NULL);
torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
"Searching the samdb failed");
/* minPwdAge */
torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[0],
"")),
unix2nttime(ldb_msg_find_attr_as_string(old_message,
attrs[0],
"")
),
"The minPwdAge was re-applied");
/* maxPwdAge */
torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[1],
"")),
unix2nttime(ldb_msg_find_attr_as_string(old_message,
attrs[1],
"")
),
"The maxPwdAge was re-applied");
/* minPwdLength */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[2],
-1),
ldb_msg_find_attr_as_int(
old_message,
attrs[2],
-2),
"The minPwdLength was re-applied");
/* pwdProperties */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[3],
-1),
ldb_msg_find_attr_as_int(
old_message,
attrs[3],
-2),
"The pwdProperties were re-applied");
for (itr = gpo_update_cmd; *itr != NULL; itr++) {
gpo_update_len++;
}
/* Run gpupdate --force and verify settings are re-applied */
gpo_update_force_cmd = talloc_array(ctx, char*, gpo_update_len+2);
for (i = 0; i < gpo_update_len; i++) {
gpo_update_force_cmd[i] = talloc_strdup(gpo_update_force_cmd,
gpo_update_cmd[i]);
}
gpo_update_force_cmd[i] = talloc_asprintf(gpo_update_force_cmd,
"--force");
gpo_update_force_cmd[i+1] = NULL;
ret = exec_wait(gpo_update_force_cmd);
torture_assert(tctx, ret == 0,
"Failed to execute the gpupdate --force command");
ret = ldb_search(samdb, ctx, &result,
ldb_get_default_basedn(samdb),
LDB_SCOPE_BASE, attrs, NULL);
torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
"Searching the samdb failed");
/* minPwdAge */
torture_assert_int_equal(tctx, unix2nttime(
ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[0],
"")), minpwdcases[2],
"The minPwdAge was not applied");
/* maxPwdAge */
torture_assert_int_equal(tctx, unix2nttime(
ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[1],
"")), maxpwdcases[2],
"The maxPwdAge was not applied");
/* minPwdLength */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[2],
-1),
pwdlencases[2],
"The minPwdLength was not applied");
/* pwdProperties */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[3],
-1),
pwdpropcases[2],
"The pwdProperties were not applied");
/* Unapply the settings and verify they are removed */
gpo_unapply_cmd = talloc_array(ctx, char*, gpo_update_len+2);
for (i = 0; i < gpo_update_len; i++) {
gpo_unapply_cmd[i] = talloc_strdup(gpo_unapply_cmd,