1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

21 Commits

Author SHA1 Message Date
Andreas Schneider
579182372a testprogs: Do not export UID_WRAPPER_ROOT in test_net_ads_dns.sh
There is not need for root here.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-16 20:28:29 +00:00
Joseph Sutton
833cefe8ee testprogs: Make testit_expect_failure() return 0 on success
This is the behaviour that most existing callers expect, but the
function actually returns a non-zero status code in that case.

Adjust all callers expecting the opposite behaviour to match.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Björn Baumbach
529ef99d7c testprogs: add test for new net ads dns register --dns-ttl option
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Björn Baumbach
ca3fbde2c8 testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Björn Baumbach
74dbfc4da6 testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Björn Baumbach
cc3696f51d testprogs: remove used records in "net ads dns" tests
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Björn Baumbach
8f53f32bff testprogs: use more unique names in "net ads dns" tests
ADMINNAME can be used for records, created by the AD admin
MACHINENAME for records, created by the machine (-P)
UNPRIVNAME for records, created by the unprivileged user

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Björn Baumbach
80d58ead5e testprogs: remove only used dns records in "net ads dns" tests
$NAME was not added here in this section, but $UNPRIV.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Björn Baumbach
9fa659cc1f testprogs: use uniqe names in "net ads dns" tests to avoid conflicts
Avoid conflicts when running the same tests multiple times.
Reduces the needs to cleanup all objects properly.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Björn Baumbach
1b2627fc70 testprogs: net ads dns tests: remove test user after usage.
Not required anymore and would produce errors, when the test runs
a second time.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Björn Baumbach
5e62d580f4 testprogs: fix some "net ads dns" tests
Use testit_grep_count instead of greping the output of testit.
Running testit with "| grep" falsifies the test results.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Andreas Schneider
535bc5dca7 testprogs: Use system_or_builddir_binary() for test_net_ads_dns
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 14:35:31 +00:00
Andreas Schneider
9a97e54f35 testprogs: If built against system db use the system tools in test_net_ads_dns.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-12-05 07:19:35 +00:00
Andreas Schneider
865531f9c6 testprogs: Reformat test_net_ads_dns.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-10 09:22:30 +00:00
Volker Lendecke
afd014245a test: Prime the kpasswd server
I was getting this failure:

[102(815)/143 at 10m59s] samba4.blackbox.net_ads_dns(ad_member:local)(ad_member:local)
UNEXPECTED(failure): samba4.blackbox.net_ads_dns(ad_member:local).Adding an unprivileged user(ad_member:local)
REASON: Exception: Exception: Could not add user unprivuser. Error setting password Incorrect net address

My preliminary analysis shows that the KRB5KRB_AP_ERR_BADADDR error
message is triggered by the libkrb5 client code. I have not yet shown
this to happen with pure libkrb5, but my theory is the following:

k5_privsafe_check_addrs() fails under the following circumstances: The
kpasswd server is contacted on IPv4 and is slow to reply. After
waiting a bit, libkrb5 also tries to contact kpasswd on
IPv6. kpasswd_sendto_msg_callback() for the IPv6 request changes the
authentication context's local_addr to IPv6. Then the IPv4 request is
replied to, and then k5_privsafe_check_addrs() bails on the address
family in ac->local_addr (IPv6) vs the one received and via the IPv4
connection.

libkrb5's src/lib/krb5/os/changepw.c has this comment:

    /*
     * TBD:  Does this tamper w/ the auth context in such a way
     * to break us?  Yes - provide 1 per conn-state / host...
     */

I think we're hit by this.

This patch hacks around the situation by priming the kpasswd server
without error checking. If the initial v4 request is quick enough
because the kpasswd server is already started up properly, everything
works flawlessly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Stefan Metzmacher
7c3bb491ba testprogs: Consistantly use kinit -c $KRB5CCNAME
We want to be really clear which credentials cache we use.

The kerberos_kinit() shell function uses this internally.

-c is the common option between MIT and Heimdal, and is
equivilant to --cache

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  5 23:51:43 UTC 2021 on sn-devel-184
2021-07-05 23:51:43 +00:00
Andreas Schneider
fca9c56836 tests: Use ldbsearch '--scope instead of '-s'
We should use long options in tests to make clear what we are trying to
do.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Björn Jacke
98caa173b2 tests: also test net ads dns (un)register with IPv6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-23 12:45:35 +00:00
Stefan Metzmacher
1e33a4f211 testprogs/blackbox: don't use hardcoded values in test_net_ads_dns.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-13 22:46:14 +02:00
Richard Sharpe
1444196521 testprogs/blackbox: Improve the net ads dns register tests.
More tests are added that add an unprivileged user, enable their
account, and then test that they can add IP addressed but that they
cannot modify other user's IP addresses.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Sun Jul  3 14:24:59 CEST 2016 on sn-devel-144
2016-07-03 14:24:58 +02:00
Richard Sharpe
ed4af82a4f s4/selftests: test net ads dns register/unregister.
Add a new test for the net ads dns commands and the needed self test
setup. Currently tests that we can register a name and that it
turns up. Also, tests that we can register with -P.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
2016-06-28 22:35:35 +02:00