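#!/bin/sh
# Blackbox tests for net ads dns register etc.
# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
#
# Drives "net ads dns register/unregister" as the domain admin, as a freshly
# created unprivileged user and as the machine account (-P), and checks that
# the unprivileged user cannot overwrite a name registered by someone else.
#
# Arguments:   SERVER DC_USERNAME DC_PASSWORD REALM USER PASS
# Environment: BINDIR   - directory holding the binaries under test
#              VALGRIND - expanded unquoted in front of several commands, so
#                         it may be empty or a multi-word prefix
# Exit status: number of failed checks (0 = all passed)

if [ $# -lt 6 ]; then
	cat <<EOF
Usage: test_net_ads_dns.sh SERVER DC_USERNAME DC_PASSWORD REALM USER PASS
EOF
	exit 1
fi

SERVER=$1
DC_USERNAME=$2
DC_PASSWORD=$3
REALM=$4
USERNAME=$5
PASSWORD=$6
shift 6
failed=0

samba4bindir="$BINDIR"
# Prefer the kinit/kpasswd built in BINDIR; otherwise fall back to PATH.
samba4kinit=kinit
if test -x "$BINDIR/samba4kinit"; then
	samba4kinit="$BINDIR/samba4kinit"
fi

samba_tool="$samba4bindir/samba-tool"
net_tool="$samba4bindir/net"
smbpasswd="$samba4bindir/smbpasswd"
texpect="$samba4bindir/texpect"
samba4kpasswd=kpasswd
if test -x "$BINDIR/samba4kpasswd"; then
	samba4kpasswd="$BINDIR/samba4kpasswd"
fi
ldbsearch="$samba4bindir/ldbsearch"
ldbmodify="$samba4bindir/ldbmodify"

newuser="$samba_tool user create"
groupaddmem="$samba_tool group addmembers"

# Provides testit and testit_expect_failure.
. "$(dirname "$0")/subunit.sh"

UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT

IPADDRESS=10.1.4.111
IP6ADDRESS=fd00:1a1a::1:5ee:bad:c0de
IPADDRMAC=10.1.4.124
UNPRIVIP=10.1.4.130
NAME=testname
UNPRIVNAME=unprivname
UNPRIVUSER=unprivuser
UNPRIVPASS=UnPrivPass1

# These tests check that privileged users can add DNS names and that
# unprivileged users cannot do so.
#
# Every credential below is passed as -Uuser%password on the command line,
# where it is readable by other local users through the process list. That
# is tolerable for selftest fixtures only; do not copy the pattern for real
# accounts.
#
# NOTE(review): in each `testit ... dig ... | grep -q` line the pipe applies
# to testit's stdout, so grep consumes whatever testit prints (presumably the
# subunit result lines; subunit.sh is not visible here) and the status that
# is counted is grep's, not testit's. The test names embed the very address
# being searched for, so confirm a match cannot come from the echoed name
# instead of dig's answer; otherwise the "should not be there any longer"
# checks cannot be trusted.
echo "Starting ..."

testit "admin user should be able to add a DNS entry $NAME.$REALM $IPADDRESS $IP6ADDRESS" $VALGRIND "$net_tool" ads dns register "$NAME.$REALM" "$IPADDRESS" "$IP6ADDRESS" "-U$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# -F: the addresses are literals, not regular expressions.
testit "We should be able to see the new name $NAME.$REALM $IPADDRESS" dig "@$SERVER" +short -t a "$NAME.$REALM" | grep -qF -- "$IPADDRESS" || failed=$((failed + 1))
testit "We should be able to see the new name $NAME.$REALM $IP6ADDRESS" dig "@$SERVER" +short -t aaaa "$NAME.$REALM" | grep -qF -- "$IP6ADDRESS" || failed=$((failed + 1))

testit "We should be able to unregister the name $NAME.$REALM" $VALGRIND "$net_tool" ads dns unregister "$NAME.$REALM" "-U$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# Negative checks: a grep match means the record survived, which is a failure.
testit "The name $NAME.$REALM $IPADDRESS should not be there any longer" dig "@$SERVER" +short -t a "$NAME.$REALM" | grep -qF -- "$IPADDRESS" && failed=$((failed + 1))
testit "The name $NAME.$REALM $IP6ADDRESS should not be there any longer" dig "@$SERVER" +short -t aaaa "$NAME.$REALM" | grep -qF -- "$IP6ADDRESS" && failed=$((failed + 1))

# This should be an expect_failure test ...
testit "Adding an unprivileged user" $VALGRIND "$net_tool" user add "$UNPRIVUSER" "$UNPRIVPASS" "-U$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

BASEDN=$($VALGRIND "$ldbsearch" "-U$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" -b '' -s base defaultNamingContext | grep defaultNamingContext | sed -e 's!^defaultNamingContext: !!')

# Enable the new account: userAccountControl 512 is NORMAL_ACCOUNT without
# the disabled flag. The LDIF is emitted with printf so that a '+' or
# whitespace inside BASEDN is passed through unchanged.
printf 'dn: CN=%s,CN=users,%s\nchangetype: modify\nreplace: userAccountControl\nuserAccountControl: 512\n' "$UNPRIVUSER" "$BASEDN" | $VALGRIND "$ldbmodify" "-U$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" -i
# Exit status of ldbmodify, the last command of the pipeline.
STATUS=$?

testit "We should have enabled the account" test "$STATUS" -eq 0 || failed=$((failed + 1))

#Unprivileged users should be able to add new names
testit "Unprivileged users should be able to add new names" "$net_tool" ads dns register "$UNPRIVNAME.$REALM" "$UNPRIVIP" "-U$UNPRIVUSER%$UNPRIVPASS" || failed=$((failed + 1))

# This should work as well
testit "machine account should be able to add a DNS entry net ads dns register membername.$REALM $IPADDRMAC -P " "$net_tool" ads dns register "membername.$REALM" "$IPADDRMAC" -P || failed=$((failed + 1))

testit "We should be able to see the new name membername.$REALM" dig "@$SERVER" +short -t a "membername.$REALM" | grep -qF -- "$IPADDRMAC" || failed=$((failed + 1))

#Unprivileged users should not be able to overwrite other's names
# This is the access-control check of the suite: the update must be rejected.
# TODO(review): only the command's failure is asserted; consider also
# checking that membername.$REALM still resolves to $IPADDRMAC afterwards.
testit_expect_failure "Unprivileged users should not be able to modify existing names" "$net_tool" ads dns register "membername.$REALM" "$UNPRIVIP" "-U$UNPRIVUSER%$UNPRIVPASS" || failed=$((failed + 1))

testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGRIND "$net_tool" ads dns unregister "$NAME.$REALM" -P || failed=$((failed + 1))

testit "The name $NAME.$REALM ($IPADDRESS) should not be there any longer" dig "@$SERVER" +short -t a "$NAME.$REALM" | grep -qF -- "$IPADDRESS" && failed=$((failed + 1))
testit "The name $NAME.$REALM ($IP6ADDRESS) should not be there any longer" dig "@$SERVER" +short -t aaaa "$NAME.$REALM" | grep -qF -- "$IP6ADDRESS" && failed=$((failed + 1))

exit "$failed"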